Slashdot Mirror


DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands

Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds: "The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."

18 of 264 comments

  1. Pull the plug by Dan541 · · Score: 5, Insightful

    Is anyone else sick of hearing about this?

    Just shut the servers down already and be done with it.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    1. Re:Pull the plug by Anonymous Coward · · Score: 3, Insightful

      Please mod this guy up. If people are so dumb that they don't know they were infected, they are the first people who need to get unplugged from the Internet.

  2. Re:Why did this do it this way? by Dan541 · · Score: 5, Insightful

    Is disconnecting hundreds of thousands of infected machines really a problem?

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  3. Re:Security Awareness Fail by theskipper · · Score: 3, Insightful

    What's wrong with a four letter .org? They obviously vetted it. There was also a mention of "dns-ok.us". That domain looks even funkier but it's perfectly legit.

  4. Re:Should have been redirecting for months by Jiro · · Score: 4, Insightful

    1) It's a bad idea to train users that they should actually believe a web page that tells them they have a virus and how to remove it. This is typically used to spread malware, not remove it.
    2) The FBI wanted this to go on as long as possible, because it allows them to spy on the traffic sent to the now FBI-controlled servers.

  5. Re:Why did this do it this way? by Dan541 · · Score: 3, Insightful

    > Believe it or not disconnecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a ridiculously overpriced unreliable antivirus.

    Actually that scenario does solve the problem. Infected machines need to be formatted and reinstalled.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  6. Re:Security Awareness Fail by bmo · · Score: 3, Insightful

    >nondescript .org

    DCWG is DNS Changer Working Group

    How is it nondescript? It's a friggin' acronym for the name of the group.

    Tell me, how descriptive is slashdot.org? Why are you here on a site that has a nondescript .org name?

    >modded informative

    Right. There's no accounting for taste among mods.

    --
    BMO

  7. Re:Why don't they... by Anonymous Coward · · Score: 2, Insightful

    Because it will work a second time... and a third... and a fourth... If you redirect morons to a "you're infected!" message, then they will be easily fooled by the fake one they receive tomorrow.

  8. Re:DSNChanger??? by hairyfeet · · Score: 5, Insightful

    Why did this get flamebait? Working in a PC shop 6 days a week I can tell you that since Vista damned near every bug I've seen has been a PEBKAC related infection.

    What you see is the infections taking certain obvious routes over and over:

    1.- "ZOMG U got teh viruz! Run "Iz not viruz iz cleanerz!.exe" to kill teh bug ZOMG!"
    2.- "want teh hot lezboz? U 2 can have teh hot lezboz! Just run "Iz not bug iz codecz.exe" and U can be watching teh hot lezboz right now!"
    3.- "Want teh latest (insert Hollywood movie or song) for free? U 2 can have teh (insert Hollywood movie or song) for free! Just run "Iz not bug iz new limewirez" and U can have (insert Hollywood movie or song) right now!"
    4.- "Hey my BFF on FB LOL! Look at my funny video! Just run "Iz Not Bug iz video.exe" and be sure to say yes to UAC so U can see teh funny!"

    Notice how EVERY DAMNED ONE is a PEBKAC problem? That damned "New Limewire" one I even had an ID10T that I had to throw out of the shop because when the AV practically threw itself onto the screen screaming "IT'S A BUG! DON'T DO IT!" what did he do? He uninstalled the AV and then wanted ME to fix it because "It says right there it's the New Limewire so make it work dammit!"

    So I'm sorry but as XP dies the days of the easy driveby are dying with it, replaced by an even easier target, lazy and or greedy and or stupid users.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  9. Re:Why don't they... by Anonymous Coward · · Score: 2, Insightful

    The point is if you teach them that sometimes it actually does fix problems then they are far more likely to keep clicking them.

  10. Re:Security Awareness Fail by fatphil · · Score: 4, Insightful

    "Just pretend to be from the FBI, send them to such a site, and you can infect them all you want."

    You missed a step.

    Just pretend to be from the FBI, tell them "your machine is infected", send them to such a site, and you can infect them all you want.

    --
    Also FatPhil on SoylentNews, id 863
  11. Re:Security Awareness Fail by fatphil · · Score: 3, Insightful

    > >nondescript .org
    >
    > DCWG is DNS Changer Working Group
    >
    > How is it nondescript? It's a friggin' acronym for the name of the group.

    Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.

    I'm sure the grandparent poster could come up with a sensible-sounding acronym based on the dodgy domain he proffered. Being an acronym of something that sounds sensible does *not* make it trustworthy.

    You need to take a step back. You are unable to put yourself in the shoes of those who do not have the prior information that you have.

    The dns-ok domains are just as untrustworthy intrinsically. Why should I trust those, but not trust equivalent domains with "dns-check" or "dns-safe" in their name? Why is "ok" OK, but "safe" not safe? Explain that to someone who does not have prior knowledge about the situation.

    It's a government-funded and supported effort, the domain should have been either under .gov; end of.

    --
    Also FatPhil on SoylentNews, id 863
  12. Re:DSNChanger??? by Tom · · Score: 5, Insightful

    > Notice how EVERY DAMNED ONE is a PEBKAC problem?

    No, I don't. And I've given speeches about this very subject.

    The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.

    The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
    * false information about the nature of the object
    * bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
    * bad ACL allowing an unintended action to have even more unintended consequences
    * bad feedback to the user as to what is actually happening

    To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
    And you are blaming the driver. Seriously?

    The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
    It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
    There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.

    In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages and find ways to work with them without falling over. You know, the Ping of Death was really, really embarrassing. Most of IT Security is much like it.

    And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.

    --
    Assorted stuff I do sometimes: Lemuria.org
  13. Re:Security Awareness Fail by subreality · · Score: 3, Insightful

    People who think twice about clicking this link generally aren't affected by dnschanger in the first place.

  14. Re:DSNChanger??? by Teun · · Score: 3, Insightful

    Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?

    Who is the irresponsible idiot that hid the extensions in the first place, maybe it was the same that had by default auto start enabled on .inf files?

    Yes MS I'm blaming you for bringing up a generation of clueless, at least in the DOS days we still knew what an extension stood for!

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  15. Re:DSNChanger??? by hairyfeet · · Score: 3, Insightful

    I'm sorry but he's full of shit because he is still pretending everyone has WinXP when in Vista and Win 7 there is UAC WARNINGS before you launch executables but NO warning before you just play a video.

    And perhaps you both better read what I wrote again because in damned near every case the AV TRIED to stop them, did everything but yank the damned keyboard away, but they simply refused to listen (or in the case of the "New Limewire" guy) actively REMOVED THE ANTIVIRUS TO ALLOW THE MALWARE IN. Now you tell ME friend, short of an Apple style "You may do nothing without corporate approval" style iOS can you stop that in ANY way by changing any part of a UI?

    The answer is you can't, because it's NOT a UI problem, despite the "ZOMG HAIRY WORKS FOR M$" troll we had in this thread, it's a dancing bunnies problem where the user KNOWS what they are doing is risky, they KNOW there is a more than average chance at infection, but for free movies/music/porn/stuff they simply DO NOT CARE and will happily help the malware writer remove any and all roadblocks that get between them and the prize. So I'm sorry, but you can't fix a user problem with a tech solution, it just doesn't work unless you take away all the rights and give them thin clients.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  16. Re:DSNChanger??? by Tom · · Score: 3, Insightful

    > Here's a clue

    You think that I could study computer science without realizing that? What you don't realize is that there is an important difference in running a known application and having it open a file and running an unknown application. Secondly, that there is a difference between running an application when you want to and know that you are doing so and running an application without realizing that you are doing so.

    > The bad guys will use whatever they can

    That, exactly, is the point. Why do we give them so many ways to use?

    > Your stupid suggestions do nothing to make this better.

    Sorry to burst your babble, but some of "my" suggestions aren't my own inventions but are from peer-reviewed articles that show they do have the desired effect. Unfortunately, much of this has never gone beyond prototype stage, because the major OS vendors aren't accepting the responsibility, either don't give a fuck (MS), are too focused on not breaking the consistency of their design (Apple) or are run by geeks who don't understand user interface design (Linux).

    > Making the user aware that they run a program to view a document will change nothing.

    I see you are one of the people who believe that user awareness is the problem. It isn't. The futility of user awareness trainings, which we in the IT security industry have been running for decades to little effect, should've made clear that this isn't true.

    > There will always be stupid users and they will always outnumber smart ones

    There is no such thing as a stupid user. Every time an IT security person uses the word "stupid user", he is trying to draw attention away from his own failures. I have done root cause analysis on "stupid user" topics, and I can show you a deeper cause for every issue commonly attributed to "stupid users".

    Your attitude towards users is one of the reasons that things are as ugly as they are. If car makers would think the same about drivers, our highways would be slaughter houses and people would dread driving, not enjoy it.

    --
    Assorted stuff I do sometimes: Lemuria.org
  17. Re:DSNChanger??? by Tom · · Score: 3, Insightful

    > How do you decide what is "executable" and what isn't?

    Good point, yes. I don't have an answer for that. The reverse would be easier: The system knows what kinds of file types it can handle that are not executables.

    > Users simply ignore this

    Of course they do. We've trained them for a decade that warning dialogs are a nuisance, nothing important is ever in them, they're filled with techno-babble, and interrupt their work at the worst possible moments and the default option is almost always the one they want.

    > The reason is simplicity: We simply want the computer to "open" whatever it is we're interested in.

    I believe we've been trained to think that way. I remember times when that wasn't true. Early computers didn't have these metaphors. You did not "open" a document from the command line. You ran a program and then opened the file from that program's open dialog. I still remember that opening a document directly was confusing to me at first.

    > Download a good program and left-click it by habit

    But that's today's habit. My thought experiment was assuming that what we have today never happened, so this habit has never formed.

    > Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.

    I do believe that users aren't that stupid - you just have to speak their language. File extensions and binary code aren't their language.

    What we need are better metaphors. The ones we have suck. Humans are fantastic at applying metaphors. I'm not a linguist except by interest, so I don't think I can come up with the solution. But I've done enough research to believe that the solution lies somewhere in that direction.

    It'll be a jump, one we can hardly imagine. Like multitouch - it seems so natural and obvious now that we've had it for a while, but 20 years back it wasn't obvious in the least. Gestures? Please. Go back 30 years and try to explain gestures to the C64 home computer crowd. A mouse was revolutionary in those days.

    I believe we will solve this on the user interface design front, and then we'll look back and wonder how we could ever be so stupid.

    --
    Assorted stuff I do sometimes: Lemuria.org