Taking Down DNSChanger: A First Person Account

penciling_in writes "Paul Vixie shares his personal account of the DNSChanger takedown operation, working with the FBI and a worldwide team. He also explains the delay issues in identifying and notifying victims, which resulted in the FBI asking the judge for an extension. They were given four more months. 'On July 9 2012 the replacement DNS servers operated by ISC will be shut down and any victims who still depend on these servers will face new risks,' he warns. A half-dozen national Internet security teams around the world have created special websites that will display a warning message to potential victims of the DNS Changer infection. The full list of these 'DNS Checking' websites is published by the DNS Changer Working Group."

I still disagree with the delays

[Skapare]

There should have been a period of time to do the notifications with the DNS running "normally". At the end of that (no extension), change the DNS servers so they return an IP for ALL domains that directs everything to a single page that tells them that their computers and/or network is infected, and they need to contact a security consultant, their ISP, or a specified contact at the FBI. After that time, the DNS should go dead (route those IPs into a blackhole). That all should have been overwith by now. There's no justification to delay further for stupid people.