DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands

← Back to Stories (view on slashdot.org)

DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands

Posted by timothy on Saturday July 7, 2012 @03:02PM from the are-you-on-the-list dept.

Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds: "The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."

264 comments

Min score:

Reason:

Sort:

DSNChanger??? by Anonymous Coward · 2012-07-07 15:04 · Score: -1, Offtopic

mods, wake up!
first p0st! ;-)
1. Re:DSNChanger??? by Anonymous Coward · 2012-07-07 15:36 · Score: 2, Funny
  
  Wait, which OS does this malware run on?
2. Re:DSNChanger??? by noobermin · 2012-07-07 16:31 · Score: 5, Funny
  
  No, in this case, the malware is installed between the keyboard and the chair.
3. Re:DSNChanger??? by Anonymous Coward · 2012-07-07 17:38 · Score: -1
  
  Wait, which OS does this malware run on?
  What makes you think it's OS-specific?
4. Re:DSNChanger??? by Samantha+Wright · 2012-07-07 18:21 · Score: 1
  
  Not sure why it was so important to mod this off-topic—there's a typo in the submission title!
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
5. Re:DSNChanger??? by hairyfeet · 2012-07-07 19:11 · Score: 5, Insightful
  
  Why did this get flamebait? working in a PC shop 6 days a week i can tell you that since Vista damned near every bug I've seen has been a PEBKAC related infection.
  What you see is the infections taking certain obvious routes over and over:: 1.- "ZOMG U got teh viruz! Run "Iz not viruz iz cleanerz!.exe" to kill teh bug ZOMG!" 2.-"want teh hot lezboz? U 2 can have teh hot lezboz! Just run "Iz not bug iz codecz.exe" and U can be watching teh hot lezboz right now!" 3.-"Want teh latest (insert Hollywood movie or song) for free? U 2 can have teh (insert Hollywood movie or song) for free! Just run "Iz not bug iz new limewirez" and U can have (insert Hollywood movie or song) right now!" 4.- "Hey my BFF on FB LOL! Look at my funny video! Just run "Iz Not Bug iz video.exe" and be sure to say yes to UAC so U can see teh funny!"
  Notice how EVERY DAMNED ONE is a PEBKAC problem? That damned "New Limewire" one I even had an ID10T that I had to throw out of the shop because when the AV practically threw itself onto the screen screaming "ITS A BUG! DON'T DO IT!" what did he do? he uninstalled the AV and then wanted ME to fix it because "It says right there its the New Limewire so make it work dammit!"
  So I'm sorry but as XP dies the days of the easy driveby are dying with it, replaced by an even easier target, lazy and or greedy and or stupid users.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
6. Re:DSNChanger??? by houghi · 2012-07-07 19:45 · Score: 2, Informative
  
  Translation: cracking (hacking for the media) is 95% social engineering. Always was. Always has been.
  
  --
  Don't fight for your country, if your country does not fight for you.
7. Re:DSNChanger??? by Tom · 2012-07-07 21:28 · Score: 5, Insightful
  
  Notice how EVERY DAMNED ONE is a PEBKAC problem?
  No, I don't. And I've given speeches about this very subject.
  The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.
  The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
  * false information about the nature of the object
  * bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
  * bad ACL allowing an unintended action to have even more unintended consequences
  * bad feedback to the user as to what is actually happening
  To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
  And you are blaming the driver. Seriously?
  The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
  It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
  There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.
  In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages and find ways to work with them without falling over. You know, the Ping of Death was really, really embarassing. Most of IT Security is much like it.
  And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
8. Re:DSNChanger??? by Culture20 · 2012-07-07 22:29 · Score: 4, Informative
  
  No one sees the ".exe" extention except those of us who turn extension-hiding off. IzNotBugIzVideo.exe uses a video icon, and the same action (double clicking) plays videos and runs executables.
9. Re:DSNChanger??? by FormOfActionBanana · 2012-07-08 00:53 · Score: 2
  
  What would someone in Poland do with my car keys?
  
  --
  Take off every 'sig' !!
10. Re:DSNChanger??? by synapse7 · 2012-07-08 01:17 · Score: 2
  
  find better user interface paradigms
  
  Probably have better luck with hoping for better security.
11. Re:DSNChanger??? by murder_face · 2012-07-08 01:21 · Score: 0
  
  Build a car that works with them
12. Re:DSNChanger??? by Anonymous Coward · 2012-07-08 01:39 · Score: 0
  
  No, sadly the translation is that hairyfeet has NEVER admitted MS software is responsible for problems.
  Probably because reliable computers would mean the end of his business.
13. Re:DSNChanger??? by Tom · 2012-07-08 02:23 · Score: 1
  
  You're not from Europe and it shows.
  Over here in Europe, the Polish are famous for stealing cars. There's a bit of truth to it - quite a few stolen cars end up in Poland. In fact, I once had a polish girl friend, and she told me that she and her parents didn't leave anything of value inside the car when they were going back home to visit relatives, and were quite concerned with having their car stolen there.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
14. Re:DSNChanger??? by metrix007 · 2012-07-08 02:29 · Score: 1
  
  I like and agree with most of what you said, but one small part jumped out at me.
  
  "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
  See, it isn't that hard, even for non expert users to understand the difference between a program and a document. Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?
  You can only blame the paradigm so much. When users don't care about getting even simple thigns right, then it seems less of an issue with the paradigm and more an issue with users being willfully stupid.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
15. Re:DSNChanger??? by fast+turtle · 2012-07-08 03:49 · Score: 2
  
  The first step is actually the easiest if MS would get off their stinking ass and change a single default behavior as the OS Should Never - I say Never Hide any file extensions by default. This is the first setting I change on any window box I touch. It's not much but by god it helps the user detect that something is lying about what it is. Of course the PEBKAC still exists if the user doesn't pay any attention to the extensions - Seems that many americans now have less attention span then a damn Gnat. God help the internet.
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
16. Re:DSNChanger??? by Teun · 2012-07-08 04:11 · Score: 3, Insightful
  
  Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?
  Who is the irresponsible idiot that hid the extensions in the first place, maybe it was the same that had by default auto start enabled on .inf files?
  Yes MS I'm blaming you for bringing up a generation of clueless, at least in the DOS days we still knew what an extension stood for!
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
17. Re:DSNChanger??? by strikethree · 2012-07-08 04:42 · Score: 1
  
  Every few months or so, I see a post that deserves to be modded higher than the system allows because of the truths and insights presented. *sigh*
  You nailed it. Hard. Respect to you kind sir.
  
  --
  "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
18. Re:DSNChanger??? by Anonymous Coward · 2012-07-08 04:47 · Score: 0
  
  I was just in Gdynia last week, and Toru last month.
  Based on the technology I saw available, I think the only thing a Polish recipient could do with my car keys is melt them for scrap metal, or (as another poster has already pointed out) build a car to use the keys in.
19. Re:DSNChanger??? by FormOfActionBanana · 2012-07-08 04:49 · Score: 1
  
  Grr, stupid iPhone.
  Toru -> Toru
  AC -> FormOfActionBanana, "not from Europe and it shows"
  
  --
  Take off every 'sig' !!
20. Re:DSNChanger??? by FormOfActionBanana · 2012-07-08 04:50 · Score: 0
  
  WTFing F???
  Toru -> Toru -> http://en.wikipedia.org/wiki/Toru%C5%84
  
  --
  Take off every 'sig' !!
21. Re:DSNChanger??? by jasomill · 2012-07-08 04:51 · Score: 1
  
  "Untrained in computers?" How many *nix admins do you know who either always run sudo from an absolute path, or who enforce "write xor execute" on all filesystems for any user accounts authorized to run with elevated privileges?
22. Re:DSNChanger??? by Tom · 2012-07-08 04:57 · Score: 1
  
  That's a solution requiring technically informed users.
  I propose something different: Icon markings. Executable files should have some kind of visual clue that can not be faked and is added by the OS and only to executable files. A designer will have to work out the best option there. For this example, assume that it is a glow - executables glow, nothing else can ever glow, there is no way to make other symbols glow.
  Users could be trained to look for that cue, that something that glows is a program, no matter what it otherwise seems to be, and that if an alleged image glows then it isn't an image.
  Of course, that's a workaround. The real fix would be to realize that the metaphor is wrong that opening a program and opening a document are the same thing, because they aren't.
  Imagine that nobody had ever thought of making a click do two different things. Imagine that from day one, we would have agreed that left click opens a document file, while right-click runs a program. All of those stupid e-mail attached trojans would fail, because the users would left-click them, expecting a picture or word document, and they would get their picture viewer open or word, showing them that the file is corrupted. They'd be none the wiser that it is a trojan, but a) they would not have been infected and b) it is highly unlikely that they would try to right-click it.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
23. Re:DSNChanger??? by KingMotley · 2012-07-08 05:18 · Score: 2
  
  I have to agree with hiding the file extensions is a stupid idea, and yes, I turn that off as one of the very first things I do when I touch a computer.
  Less attention span has very little to do with Americans and just people in general. It comes from the multitasking that the younger generation gets thrown into. They just can't pay attention to any single one thing for a decent amount of time. They are so used to juggling 5 things at once, and the human brain just doesn't multitask well for 98% of the people out there; I did read that around 2% (numbers aren't accurate, but it was indeed a small percentage) of people can actually multitask 2 things at once with little degradation of performance in either task, but it didn't say how good they were doing those tasks to start with.
24. Re:DSNChanger??? by defaria · 2012-07-08 05:19 · Score: 1
  
  Are you really this stupid? They actually pay you to make speeches about technology and this is what you give them. Here's a clue - *EVERY* action on a computer involves running some code. Even the "Show me the document" involves running code. The bad guys will use whatever they can to hide themselves and lie to the user. You're stupid suggestions do nothing to make this better. Making the user aware that they run a program to view a document will change nothing. They will simply drop context that they have to run a program and they will merely view is as they are viewing a document. You don't know how many times I have to inquire again and again as to what program they are actually running - even when they have to first run the program to view the document. They still don't know and they don't care. Viewing the document is all they think of. There will always be stupid users and they will always outnumber smart ones - just like there will always but stupid Europeans trolling the net looking for work selling their ill-formed opinions.
25. Re:DSNChanger??? by KingMotley · 2012-07-08 05:20 · Score: 1
  
  Windows and OS/X -- or roughly 99.8% of the PCs out there.
26. Re:DSNChanger??? by KingMotley · 2012-07-08 05:25 · Score: 1
  
  I know that we don't see eye-to-eye on many topics hairy, but I'm definitely with you on this one -- mostly.
  Computers have gotten easy enough to use that most people think they can operate one. These types of things didn't happen 25 years ago when people using computers actually knew what they were doing. It's not that users are stupid, because most of them aren't. It's just they don't know enough about their computer to keep themselves out of trouble, and they have no real incentive to learn before trying breaking stuff. Of course it's guys like you in your line of business that have to clean up after them as they learn the hard way.
27. Re:DSNChanger??? by hairyfeet · 2012-07-08 06:41 · Score: 3, Insightful
  
  I'm sorry but he's full of shit because he is still pretending everyone has WinXP when in Vista and Win 7 there is UAC WARNINGS before you launch executables but NO warning before you just play a video.
  And perhaps you both better read what I wrote again because in damned near every case the AV TRIED to stop them, did everything but yank the damned keyboard away, but they simply refused to listen (or in the case of the "New Limewire" guy) actively REMOVED THE ANTIVIRUS TO ALLOW THE MALWARE IN.. Now you tell ME friend, short of an Apple style "You may do nothing without corporate approval" style iOS can you stop that in ANY way by changing any part of a UI?
  The answer is you can't, because its NOT a UI problem, despite the "ZOMG HAIRY WORKS FOR M$" troll we had in this thread, its a dancing bunnies problem where the user KNOWS what they are doing is risky, they KNOW there is a more than average chance at infection, but for free movies/music/porn/stuff they simply DO NOT CARE and will happily help the malware writer remove any and all roadblocks that get between them and the prize. so I'm sorry, but you can't fix a user problem with a tech solution, it just doesn't work unless you take away all the rights and give them thin clients.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
28. Re:DSNChanger??? by hairyfeet · 2012-07-08 06:55 · Score: 1
  
  You are missing the point friend in that they do not NEED to see the extension because while it is an executable the AV will be SCREAMING at them "Don't run that!" and they will DO IT ANYWAY because they want the porn/music/video/kitty screensaver.
  Here let me give you an example, a real swear to God that happened in a small business I was working at setting up some systems: ME "Do NOT run that! Its a password protected zip with the password in the email! Its a Virus!" Velma "Oh you worry too much, its from my BFF Kim, see her name right there? Oh and it says its kitty pictures, i love kitties!" ME:"It is NOT from your BFF Kim because I KNOW KIM and she wouldn't have a clue about how to set up a Pword protected zip!" Oh you are just paranoid, stop drinking so many colas!" /Velma promptly ignores me, runs contents of zip, next thing here comes the pop ups/ "Velma:oops... ME..........
  And NOW do you see why extensions doesn't help? if the AV is saying NO and an honest to goodness human with years of experience is saying HELL NO and they do it anyway, how in the hell are you gonna stop them with extensions? Even the dumbest moron knows there is free AV out there, but that doesn't help if they ignore it if it gets between them and the "goodies" the malware writer is offering, as they will disable or even uninstall the AV if that is what it takes. Its PEBKAC friend, tech can't fix that.
  Oh and the ONLY reason I was pointing out the extensions is that IE WILL LET THEM SEE THE FULL NAME including the extension as they download and they STILL ignore it, they just don't care.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
29. Re:DSNChanger??? by nmb3000 · 2012-07-08 07:14 · Score: 1
  
  That's a solution requiring technically informed users.
  It's nice to see someone else who doesn't see showing file extensions as some kind of panacea for computer issues. It really wouldn't help at all.
  
  I propose something different: Icon markings. Executable files should have some kind of visual clue that can not be faked and is added by the OS and only to executable files.
  I like this idea, but it seems like an unsolveable problem: How do you decide what is "executable" and what isn't? Sure, there are well-defined executable binaries for each operating system, but there are also a myriad of other ways you can run code. Whether it's a Bash script, VB script, embedded macro of some kind, etc. In Windows, the shell (Explorer) runs ShellExecute on the file to invoke the filetype's registered handler -- how would it know ahead of time what that handler might do? I could display an image or it could load embedded bytecode and run it through an interpreter.
  And, on Windows at least, this "glow" already exists to some extent. Files downloaded through most (all?) browsers these days are given the "mark of the Internet", and alternate data stream tag that says "this came from the web". When a user runs a program (or certain other file types), a dialog box is displayed that says "Warning! This is an untrusted program that may break your computer!". Users simply ignore this -- will a glow be much different?
  
  Imagine that from day one, we would have agreed that left click opens a document file, while right-click runs a program. [...] it is highly unlikely that they would try to right-click it.
  I think I have to disagree with you on both counts here. First, because even if systems had been designed that way at the beginning, they would have evolved to what we have today. The reason is simplicity: We simply want the computer to "open" whatever it is we're interested. I don't want to be bothered every time, trying to decide if the file I'm looking at falls under "document" or "program". Say, for example, an HTML file. It's a "document", sure, but it also may contain various forms of scripting which falls (or should) under "program". Computers are supposed to take care of easy repeated tasks, surely knowing how to display a given type of file falls under that.
  Second, and partially because of the first, I think users would very quickly train themselves to start right-clicking anything that didn't work when they left-clicked it. Download a good program and left-click it by habit -- oops, didn't work, hmm, try right clicking -- it works. Now they download an evil cat picture and left-click it -- oops, that didn't work, hmm, try right-clicking -- it works (and they're now infected).
  Humans are very good at making deductive steps towards solving a problem -- "I tried left-click and that didn't work, but I know that right-clicking also does things to files I download, I will try right-clicking. It worked, therefore right-clicking is the answer when left-clicking doesn't work. Stupid computers, why are they so hard to use?" -- and then the whole system is void. If you observe users trying to figure something out, you quickly see they come up with all sorts of odd and unusual ways of going about it, just because "that's what works".
  Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.
  
  --
  "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  /)
30. Re:DSNChanger??? by Stan92057 · 2012-07-08 07:24 · Score: 1
  
  The really really popular one.
  
  --
  Jack of all trades,master of none
31. Re:DSNChanger??? by Anonymous Coward · 2012-07-08 07:33 · Score: 1
  
  How many people cried out to take away extensions when using XP? I'm sure this is just another case of corporations pushing 'the users are stupid', either because they think that sells or they desperately want to make it true.
32. Re:DSNChanger??? by platypussrex · 2012-07-08 08:03 · Score: 1
  
  And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.
  Wouldn't life be wonderful if everyone who made speeches knew what they were talking about? What part of dancing bunnies is eluding you? Sure some users are morons, but the rest will do about anything to see those bunnies.
33. Re:DSNChanger??? by metrix007 · 2012-07-08 08:21 · Score: 1
  
  The problem is that your anecdote is not necessarily as representative as you seem to think it is.
  Many AV's WILL report P2P programs as malware when this is not the case. McAfee lists TPB as a malicious website. "New Limewire" does indeed sound like malware (despite me being able to find NO references to any software by that name), but are you sure the AV wasn't just blocking non malware p2p software the user wanted to install? Just because the AV says something is malicious does not make it so.
  I agree that the problem is more to do with users than UI, although I think both play a part. I think probably the largest problem is people may understand the problem, but not the consequences. Especially these days when malware tends to spy or operate in the background and is no longer inherently destructive. A user may want their PC to work the way they want it to, and may accept being spied on or being part of a botnet as acceptable, because they don't understand the consequences.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
34. Re:DSNChanger??? by Tony-A · 2012-07-08 08:55 · Score: 1
  
  HOWEVER, there is a difference in attitude between "losers are stupid and should never be informed of the facts of life" and something at least aimed toward making the users more informed.
  If you have a deadly disease, there is a difference between the doctor knows the name and refuses to tell you that name and the doctor tells you the name but you are not competent to understand the terms. Me I prefer the latter.
  Hiding file extensions does not do EVERYTHING to help out the bad guys, but it does draw a line in the sand as to where Microsoft stands regarding informed victims of its software.
35. Re:DSNChanger??? by pentalive · 2012-07-08 09:09 · Score: 1
  
  What if you can never execute programs directly. You can only open documents, the UI only presents documents. Open a document and it's program is launched. When programs are installed blank documents are also installed in a "stationary store" of some sort, and protected.
36. Re:DSNChanger??? by Anonymous Coward · 2012-07-08 09:24 · Score: 0
  
  A malicious program lies about what it does?!
  A computer is a machine. People who think a machine has any sort of inherent benevolence or honesty towards users, rather than doing whatever stupid shit it is programmed to do, are going to be the first against the wall come the robot uprising. They certainly shouldn't be owning computers.
37. Re:DSNChanger??? by Tom · 2012-07-08 09:27 · Score: 3, Insightful
  
  Here's a clue
  You think that I could study computer science without realizing that? What you don't realize is that there is an important difference in running a known application and having it open a file and running an unknown application. Secondly, that there is a difference between running an application when you want to and know that you are doing so and running an application without realizing that you are doing so.
  
  The bad guys will use whatever they can
  That, exactly, is the point. Why do we give them so many ways to use?
  
  You're stupid suggestions do nothing to make this better.
  Sorry to burst your babble, but some of "my" suggestions aren't my own inventions but are from peer-reviewed articles that show they do have the desired effect. Unfortunately, much of this has never gone beyond prototype stage, because the major OS vendors aren't accepting the responsibility, either don't give a fuck (MS), are too focused on not breaking the consistency of their design (Apple) or are run by geeks who don't understand user interface design (Linux).
  
  Making the user aware that they run a program to view a document will change nothing.
  I see you are one of the people who believe that user awareness is the problem. It isn't. The futility of user awareness trainings, which we in the IT security industry have been running for decades to little effect, should've made clear that this isn't true.
  
  There will always be stupid users and they will always outnumber smart ones
  There is no such thing as a stupid user. Every time an IT security person uses the word "stupid user", he is trying to draw attention away from his own failures. I have done root cause analysis on "stupid user" topics, and I can show you a deeper cause for every issue commonly attributed to "stupid users".
  Your attitude towards users is one of the reasons that things are as ugly as they are. If car makers would think the same about drivers, our highways would be slaughter houses and people would dread driving, not enjoy it.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
38. Re:DSNChanger??? by Tom · 2012-07-08 09:51 · Score: 3, Insightful
  
  How do you decide what is "executable" and what isn't?
  Good point, yes. I don't have an answer for that. The reverse would be easier: The system knows what kinds of file types it can handle that are not executables.
  
  Users simply ignore this
  Of course they do. We've trained them for a decade that warning dialogs are a nuissance, nothing important is ever in them, they're filled with techno-babble, and interrupt their work at the worst possible moments and the default option is almost always the one they want.
  
  The reason is simplicity: We simply want the computer to "open" whatever it is we're interested.
  I believe we've been trained to think that way. I remember times when that wasn't true. Early computers didn't have this metaphors. You did not "open" a document from the command line. You ran a program and then opened the file from that program's open dialog. I still remember that opening a document directly was confusing to me at first.
  
  Download a good program and left-click it by habit
  
  But that's today's habit. My thought experiment was assuming that what we have today never happened, so this habit has never formed.
  
  Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.
  I do believe that users aren't that stupid - you just have to speak their language. File extensions and binary code isn't their language.
  What we need are better metaphors. The ones we have suck. Humans are fantastic at applying metaphors. I'm not a linguist except by interest, so I don't think I can come up with the solution. But I've done enough research to believe that the solution lies somewhere in that direction.
  It'll be a jump, one we can hardly imagine. Like multitouch - it seems to natural and obvious now that we've had it for a while, but 20 years back it wasn't obvious in the least. Gestures? Please. Go back 30 years and try to explain gestures to the C64 home computer crowd. A mouse was revolutionary in those days.
  I believe we will solve this on the user interface design front, and then we'll look back and wonder how we could ever be so stupid.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
39. Re:DSNChanger??? by Tom · 2012-07-08 09:54 · Score: 1
  
  Doesn't work because you have quite a few programs that do not work with documents. Screensavers, utility programs (say, Quicksilver, Dropbox, etc.) and others.
  Also, you have programs where documents are secondary at best. Most network tools (browser, e-mail, etc.)
  
  --
  Assorted stuff I do sometimes: Lemuria.org
40. Re:DSNChanger??? by Anonymous Coward · 2012-07-08 17:41 · Score: 0
  
  UAC WARNINGS
  One of the most useless, uninformative, unproductive computer messages there is.
  so I'm sorry, but you can't fix a user problem with a tech solution,
  People do it all the time. e.g. physical locks. M$ has been using this patheic excuse for decades to cover up their own incompetence (actually, willingness to profit more at the expense of pretty much everybody else) and it's sickening. They've raised two entire generations of people who think it's their own fault if their computer crashes or is infected. Even their current computer security iteration (so-called trusted boot) is more of the same. All about a small increase in profit to them at a large increase in cost to everybody else.
41. Re:DSNChanger??? by Deekin_Scalesinger · 2012-07-08 17:55 · Score: 0
  
  You nailed it. Hard. Respect to you kind sir.
  That's what she said!
  
  *ducks at incoming Karma hit, but I couldn't let this one slide*
  
  --
  "As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
42. Re:DSNChanger??? by Rainbowdash · 2012-07-09 02:55 · Score: 0
  
  So what do you do when I add a picture to my files that makes it seem like they glow?
  If something is possible on an icon it's possible on every icon.
  
  I would NEVER EVER use a computer where I cannot root it if I need to.
43. Re:DSNChanger??? by kaatochacha · 2012-07-09 02:59 · Score: 1
  
  *clap clap cap* This.
44. Re:DSNChanger??? by Rainbowdash · 2012-07-09 03:08 · Score: 0
  
  Try this for a change:
  
  Update users mail client after user has been asking for it for 1year non-stop saying it's so much better.
  
  1st hour after updating mail client.
  "This mail sucks, the cursor goes down instead of up when I'm deleting an e-mail, this makes me delete e-mails I don't want to delete!"
  
  2nd hour after updating mail client.
  
  "The calendar is at the wrong place, the button is supposed to be on top, not on the bottom."
  
  HOW IS THIS NOT A STUPID USER?
45. Re:DSNChanger??? by kaatochacha · 2012-07-09 03:15 · Score: 1
  
  But you're not getting it. She's ignoring the warnings BECAUSE she's been conditioned to. Even "dumb" people get conditioned to this.
  Using an obviously ill stated car analogy: If your warning light on the car was broken, and every time you started it it came on, but your mechanic told you it was just a faulty warning light, you'd ignore it. You're busy, and it would cost too much to fix.
  Then another one does the same, and you check on it, and the mechanic tell's you again to ignore, or pay 2000 to fix it.
  And one day, a light comes on, you ignore it, and the engine explodes.
46. Re:DSNChanger??? by kmoser · 2012-07-09 04:18 · Score: 0
  
  No, it's still "hacking", albeit illegal. "Cracking" usually refers to breaking copy-protection schemes.
47. Re:DSNChanger??? by kmoser · 2012-07-09 04:21 · Score: 1
  
  News flash: people in NYC do the same thing. Not because they fear their car will end up in Poland, but because they fear it will be broken into, their possessions will be stolen, and the car might even be taken as well. Whether it ends up in Poland or a Bronx chop shop is irrelevant.
48. Re:DSNChanger??? by kmoser · 2012-07-09 04:28 · Score: 1
  
  Executable files should have some kind of visual clue that can not be faked and is added by the OS and only to executable files.
  Technically any file is executable in the sense that when you double-click it, the OS may launch an associated app. For example, if you double-click a PDF file your OS usually launches a PDF viewer. And if we're talking Adobe Reader, you're potentially asking for a world of hurt if the PDF file contains an exploit. So you either have to warn the user every time they're about to launch an executable (in which case they will ignore the warning since it pops up every time), or only the first time. And then virus writers will program their malware to strike only upon second launch. So your scheme is still useless.
49. Re:DSNChanger??? by hairyfeet · 2012-07-09 04:29 · Score: 1
  
  Dude I offer to install P2P for them if that is what they want so that is NOT the problem, all they have to do is ask and they'll have BT, Gnuc, eMule, whatever, as long as they don't expect me to support it it is their PC and I'll give it to them and make it clear I will. The "New Limewire" bit was right after they closed the real Limewire and a bunch simply refused to accept that LW was dead and downloaded "New Limewire" which was a Gnuc package loaded with trojans.
  And how do you explain the "ZOMG U got teh viruz!" installs of Security Tool and AV20xx? Every single machine that leaves the shop has either Avast or Comodo IS installed which will TRY to warn them but again they ignore it. Or the "porn codec" bug? I actually had to find a bug free porno site just to keep certain customers from constantly falling for that one. Again the AV TRIED to stop them, but they'd rather have the titties so they ignored it.
  Finally its not that they they "don't understand the consequences" it is that the "prize' of free music/movies/porn/whatever is worth MORE to them that a clean PC. Its the classic dancing bunnies problem that simply can't be solved with technical means because the users wants the bunnies MORE than they want the clean PC. Believe me friend, i've seen it a million times, all they have to do is offer the right bunny and the users will happily destroy any and all roadblocks you put in to see the bunnies. Every time a new Twilight comes out at least a half a dozen females will get infected by running "Twilight (name of movie) player.exe" and in every damned case the AV practically tried to jump on the keyboard to stop them and they ignored it, not because of any P2P blocks but because they wanted to see the new Twilight for free more than they cared what the AV said.
  With all the money spent each year to patch holes and deal with user stupidity, don't you think MSFT and the AV vendors would LIKE to be able to stop this? Imagine the sales of a "user proof" AV, that corp would be richer than God, but there simply isn't a way to ward off a user fighting for the malware unless you stuff them into a walled garden and refuse to let them do anything without permission from an outsider, and most simply won't put up with that.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
50. Re:DSNChanger??? by hairyfeet · 2012-07-09 05:25 · Score: 1
  
  How has she been conditioned to ignore ME, sitting right exactly there, telling her "Its a fucking bug!" and pointing out the person sending her the bug wouldn't have the skills to send a real anything that way?
  In the end friend it has NOTHING to do with conditioning and everything to do with the dancing bunnies problem which is as old as the hills. The user WANTS the bunnies, you try to stop them from getting the bunnies she/he WILL IGNORE YOU and do whatever it takes to get the bunnies, simple as that. You can show file names, have the AV show a picture of Goatse with an arrow pointing to it saying "This is you if you run that" and it will not matter because they WANT the bunny dammit!
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
51. Re:DSNChanger??? by akpak · 2012-07-09 06:38 · Score: 1
  
  You're talking a lot of sense here. As a user support person, my life gets a million times easier when I remember to see my users not as stupid, but as inexperienced. I remember that I can't do their jobs, so I shouldn't expect them to do mine and have the same level of comfort and education with IT systems. In nearly every case where the user is interested in the "why" something isn't working, they can understand it.
52. Re:DSNChanger??? by Crosshair84 · 2012-07-09 09:13 · Score: 1
  
  Tape a copy of the repair bill to the side of their monitor with the total in large font.
53. Re:DSNChanger??? by Tom · 2012-07-09 11:02 · Score: 1
  
  in Vista and Win 7 there is UAC WARNINGS
  UAC has one and only one actual effect that has been verified by independent researchers: It trains people to ignore warning dialogs. I'm not joking, that is literally the result of studies done on the subject.
  So, you were saying?
  
  Now you tell ME friend, [...] can you stop that in ANY way by changing any part of a UI?
  Yes, you can. Chameleon was a university prototyp designed specifically to deal with the malware download issue not by technological, but by UI means. That's just one example I can cite right away. If you research the topic a bit, you will find many ideas that have, at least in the lab, been shown to at least improve the situation, sometimes considerably.
  If you're looking for a magic bullet, then I'm sorry, all I can offer you is the harsh truth of IT security: There are no magic bullets.
  
  because its NOT a UI problem,
  Says who, based on what studies?
  HAISA (Human Aspects in Information Security Assurance) is a relatively new field, and as far as sciences go, quite immature (Stanton, "Empirical vs. Non-Empirical Work in Information Systems Security", 2007 - if I ask for studies, I should provide some for my points). As such, there is still a lot where we don't know, are partially or totally guessing, or have incomplete data. One thing we do know, however, is that in a THS triangle, only a small subset of security issues rest strongly in the "technology" corner. Many security issues are partially or strongly influenced by human and/or social factors. It stands to reason - and many studies, experiments and prototypes support the theory, e.g. the one outlined above or a couple of those listed in my keynote "Security & Usability" (DFN-CERT Workshopband, ISBN 9-783844-806885), that user interface improvements do have a measurable impact on those.
  
  I'm sorry, but you can't fix a user problem with a tech solution
  It's not a tech solution. It's a user (interface) solution. Just above you complained that it's not a UI problem, now it suddenly is a user problem. I'm sure you know what the "U" in "UI" stands for, so please make up your mind.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
54. Re:DSNChanger??? by Tom · 2012-07-09 11:06 · Score: 1
  
  They certainly shouldn't be owning computers.
  Welcome the the 21st century, I hope you had a restful cryo sleep. They should have told you in debriefing that this sentiment went out of business 10 years ago.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
55. Re:DSNChanger??? by Tom · 2012-07-09 11:20 · Score: 1
  
  The dancing bunnies was an interesting blog idea with a good punchline and made a really good summary for a well-known problem. It is always worth to stop and think about it.
  It is not, however, absolute truth from on high. It's a simplified aphorism on a real problem. Don't judge actual research against aphorisms. The funny thing about researching humans is that more often than you think, the truth is counter-intuitive, more complicated than everyone thought, or just outright strange.
  For example, Miller and Wu ("Fighting Phishing at the User Interface", 2005) made a study where the change of a dialog element from buttons to a short drop-down list dropped the error rate of users from 30% to zero.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
56. Re:DSNChanger??? by Tom · 2012-07-09 11:23 · Score: 1
  
  Technically any file is executable in the sense that when you double-click it, the OS may launch an associated app.
  You may have noticed in my posting that this is what I consider the root cause issue - the one action (a double-click) can cause different things based on intransparent dependencies.
  I'm not trying to solve all security issues with one stroke, that's impossible. I am showing an idea for one specific problem to demonstrate that solutions exist, we don't have to take some stupid idea some idiot once had up the arse for all eternity.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
57. Re:DSNChanger??? by Tom · 2012-07-09 11:25 · Score: 1
  
  So what do you do when I add a picture to my files that makes it seem like they glow?
  If something is possible on an icon it's possible on every icon.
  Nonsense. I can easily add some kind of effect to icons OS-side that is disallowed or technically impossible within the icon itself. For example, something that extends beyond the visual space of the icon itself, or a marker that is displayed next to it.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
58. Re:DSNChanger??? by Tom · 2012-07-09 11:29 · Score: 1
  
  I know nothing about you except those few sentences and yet I'm sure that the users you support like you more than they like the geeky guy who tells them they're stupid idiots - even if he is better on the technology.
  And I'm sure they are more likely to tell you what they actually did when it broke than give the usual "nothing" excuse.
  That's the part the too many security people don't get - that trust is something that is built in mutual respect. Many security people are right in distrusting the user - because the users are in fact distrusting their security people.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
59. Re:DSNChanger??? by Tom · 2012-07-09 11:30 · Score: 1
  
  HOW IS THIS NOT A STUPID USER?
  What part of his complaints do indicate a low intelligence? I agree with you that he's a PITA and probably whining for no reason, and whatever else you want.
  But I don't see indications of stupidity. Maybe you are using that term in an exceptionally broad sense for everything you dislike about users?
  
  --
  Assorted stuff I do sometimes: Lemuria.org
60. Re:DSNChanger??? by hairyfeet · 2012-07-09 11:44 · Score: 1
  
  Well you would THINK after me handing them the bill a couple of times they would get a fucking clue and at least call or email me before doing something REALLY stupid, but instead I've found it settles quickly into one of 2 camps. 1.-The ones that listen to me, which run year after year without needing me for more than hardware upgrades. i like these customers a lot, even though I make less money off of them, because they are just so easy to support. I tell them what is bad, point them to what is good, and they listen, its nice.
  The other camp simply ignores everything I say, and after clicking ignore enough times on the AV ends up with more viruses than a Bangkok whore on coupon night. The totally gobsmacking batshit part? they will simply KEEP USING THE INFECTED PC until it simply won't run anymore and THEN bring it to me. They of course make me more money but every time you get spam, have your internet slow to a crawl because of the latest worm? you can lay the blame at these bozos, because in the end nobody is gonna keep them from that free movie/music/porn/ screensaver dammit!
  Just as a test I gave one of the "must have teh tittiez!" customers Mepis, just to see if the vaunted Linux security would keep Goober from shitting on the PC, did it work? Nope, he made it unbootable in less than a week, how? He decided he didn't like the package manager and just Googled "Linux programs" and got enough crap off of Freshmeat (boy is THAT name perfect) to put the entire system in dependency hell...sigh.
  In the end you just can't fix stupid, you just can't. You can try to lessen the damage the average mouth breather can do but in the end you'll end up having to clean up the mess, because some will simply NEVER learn or worse think they are smarter than they are, but in either case shit will be broke and malware will spread, all you can do is clean up the messes.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
61. Re:DSNChanger??? by metrix007 · 2012-07-12 23:41 · Score: 1
  
  OK, this is a short reply, since you seem to have misunderstood my last reply. Even though you are not actually disagreeing with me.
  It isn't a dancing pigs problem(the more common name), because the user is not aware of any breach of security.
  It doesn't matter what the AV says. AV's lose credibility when they report non-malicious stuff as malicious. As I said, McAfee counts aircrack and thepiratebay as malicious. If you know enough to know thepiratebay is not malicious then your AV loses credibility.
  The reason it isn't a dancing pigs problem is because the user does not understand the consequences. They are not making a choice to choose pigs over security, because security does not come into the equation. They can be part of a botnet, but it doesn't affect them in anyway. They don't notice a slowdown, don't lose access to their documents etc.
  The consequences here are that they are participating in DDoS attacks, potentially having their passwords farmed so spam is sent from their accounts, maybe cc numbers, etc. But, most of the time it doesn't affect them directly, so they are not aware of it.
  It isn't like 10 years ago where malware would fuck up your documents and programs. These days there is generally little sign to the end user, which is why they are not aware of the consequences, because they don't even know that anything is happening. Regardless of what the AV says, which is not trustworthy anyway.
  Oh, and a tip might be to stop giving customers Avast which is overly loud and noisy and tends to freak people out or make them ignore the warnings. Give them MSE instead.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
62. Re:DSNChanger??? by pentalive · 2012-07-17 17:00 · Score: 1
  
  Screensavers are run by the OS not by the user.
  Dropbox client (and that ilk) are also a service that gets run by the OS. Put a new item in the control panel to setup what gets synced.
  Your browser hides - it's documents are web-links.
  Your email hides, its documents are emails. They just appear in the inbox folder, you can move them to other folders, to send an email - double click the "Untitled Email" document in the store.
  Things like 7zip work on document by left clicking the document.
  Printing can be done this way as well, it actually just opens the handling application but it also autoloads the document, triggers a standard print, then closes the document and quits the application
Or... by Anonymous Coward · 2012-07-07 15:05 · Score: -1, Troll

Or I can look at the Apple logo in the upper left of my screen and know I'm not infected.
1. Re:Or... by Anonymous Coward · 2012-07-07 15:08 · Score: 4, Informative
  
  Zzzz, when will the ignorant Apple trolls get bored of these things?
2. Re:Or... by Johnny+O · 2012-07-07 15:12 · Score: 5, Informative
  
  http://techland.time.com/2012/04/23/dnschanger-fbi-warns-infected-computers-will-lose-web-email-access-in-july/
  "DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses. "
3. Re:Or... by Anonymous Coward · 2012-07-07 15:15 · Score: -1, Troll
  
  What was ignorant about my comment?
  It is fact that DNSChanger does not infect OSX. It doesn't infect iOS. It doesn't infect Linux, or BSD, or Amiga, or Android, or BeOS, or Plan 9, or Chromium, or OS2, or Solaris, or EMACS. I happen to be running one of the many OSs it does not infect.
4. Re:Or... by qwertphobia · 2012-07-07 15:20 · Score: 5, Informative
  
  What was ignorant about my comment?
  It is fact that DNSChanger does not infect OSX. It doesn't infect iOS. It doesn't infect Linux, or BSD, or Amiga, or Android, or BeOS, or Plan 9, or Chromium, or OS2, or Solaris, or EMACS. I happen to be running one of the many OSs it does not infect.
  Seriously? https://www.google.com/search?q=dnschanger+osx
  
  --
  Never ask for directions from a two-headed tourist! -Big Bird
5. Re:Or... by Anonymous Coward · 2012-07-07 15:23 · Score: -1
  
  So what? I'm supposed to be impressed by what the FBI says? They shut the system down. Caught the guys. Have the program itself. Still don't mean they know shit about shit. I know shit about shit. It doesn't infect MACS! Period. Jobs told me so in a dream.
6. Re:Or... by Eyeball97 · 2012-07-07 15:24 · Score: 4, Funny
  
  iNo, iBut iYou iAre iNfected iWith iThe iFanboi iTroll iVirus, iWhich iS iNfinitely iMore iAnnoying...
7. Re:Or... by chrismcb · 2012-07-07 15:33 · Score: 1
  
  Are you sure? You may not be infected by this particular one, but it doesn't mean you aren't infected
8. Re:Or... by wkcole · 2012-07-07 15:35 · Score: 5, Informative
  
  Simply false. DNSChanger can infect Windows, MacOS, and many consumer-grade routers that provide DNS or DHCP.
  What's special about MacOS infections is that the user has to be an ignorant pollyanna to get infected. If I were you, I'd check my DNS config.
9. Re:Or... by Anonymous Coward · 2012-07-07 16:00 · Score: -1
  
  Was it a wet dream he told you that in?
10. Re:Or... by Ziekheid · 2012-07-07 16:06 · Score: -1, Flamebait
  
  Your point being? Just pointing out that you're an elitist "other OS" user? Who cares? It's about the biggest part of the martket being hit, which also happens to be infected most.
  
  I'm not part of that market but your comment is entirely useless nevertheless.
11. Re:Or... by krelvin · 2012-07-07 16:49 · Score: 0
  
  Right... ignorant was the right word.
12. Re:Or... by Anonymous Coward · 2012-07-07 16:55 · Score: -1
  
  And AC got the +5 s/he was looking for
13. Re:Or... by Anonymous Coward · 2012-07-07 16:57 · Score: -1
  
  And AC got the +5 s/he was looking for...
14. Re:Or... by ifiwereasculptor · 2012-07-07 17:09 · Score: 3, Funny
  
  What a great idea! I'll just write a similar wallpaper-based antivirus in MSPaint right now.
15. Re:Or... by Anonymous Coward · 2012-07-07 17:57 · Score: 0
  
  Pollyanna doesn't mean what you think it means.
16. Re:Or... by Anonymous Coward · 2012-07-07 18:57 · Score: -1
  
  Or I can look at the Apple logo in the upper left of my screen and know I'm not infected.
  Mac user? You need to visit the free clinic and get tested.
17. Re:Or... by Anonymous Coward · 2012-07-07 21:29 · Score: 1
  
  Considering he was talking to a Mac user, I believe he meant "Friend of Dorothy."
18. Re:Or... by fatphil · 2012-07-07 21:32 · Score: 0
  
  Or you can look at the Apple logo in the upper left of your screen and masturbate furiously.
  
  Which may be just as useless, but at least is more honest.
  
  --
  Also FatPhil on SoylentNews, id 863
19. Re:Or... by fatphil · 2012-07-07 22:52 · Score: 1
  
  I remember jive and swedish chef, but it seems such "utilities" have fallen out of fashion.
  
  So I hereby present, the iWank filter:
  http://87.119.183.129/perl/rdf.pl
  
  --
  Also FatPhil on SoylentNews, id 863
20. Re:Or... by Sponge+Bath · 2012-07-08 00:05 · Score: 1
  
  I remember jive and swedish chef...
  I plugged a quote from the movie Airplane! into a Swedish Chef translator:
  "thet hunky moost be-a messeeng veet my oold lady"
21. Re:Or... by Anonymous Coward · 2012-07-08 01:23 · Score: 0
  
  I wish I had mod points, I'd give them all to you!
22. Re:Or... by Anonymous Coward · 2012-07-08 01:33 · Score: 0
  
  And saying that people who don't use the same OS as you are elitists tells us how far up your ass your head is.
23. Re:Or... by thePowerOfGrayskull · 2012-07-08 01:43 · Score: 1
  
  Which - when run through GP's i-filter - yields:
  
  iThet iHunky iMoost iBe-a iMesseeng iVeet iMy iOold iLady
24. Re:Or... by Anonymous Coward · 2012-07-08 07:44 · Score: 0
  
  I'm sure he's positive.
25. Re:Or... by Anonymous Coward · 2012-07-08 23:40 · Score: 0
  
  Which - when run through GP's iFilter - yields:
  iFTFY
26. Re:Or... by Rainbowdash · 2012-07-09 03:15 · Score: 0
  
  Actually the one you're pointing out apple released a fix for in 10.6, therefore if your system is updated you're not infected by that specific one. But your point still stands, Apple Machines are as easily infected by a DNS changer as anything else that uses DNSes...
27. Re:Or... by akpak · 2012-07-09 06:40 · Score: 1
  
  Also, it infected a lot of routers... Most people have no idea they should change the default password on their router (as opposed to their wifi network), or that such a password even exists! So a lot of people will *think* their iPhones, iPads, etc are infected when it's the router.
i'm glad i don't use by Anonymous Coward · 2012-07-07 15:07 · Score: 0

a SOHO router or Windows... Currently on a cisco 2901 and arch..... ahhh the good life.
1. Re:i'm glad i don't use by ozmanjusri · 2012-07-07 15:42 · Score: 1
  
  Lawful Intercept, aka your friendly neighborhood backdoor. As used by law enforcement officials and black hats alike.
  
  The term "lawful intercept" describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order.
  
  http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html
  
  --
  "I've got more toys than Teruhisa Kitahara."
2. Re:i'm glad i don't use by Fjandr · 2012-07-07 16:58 · Score: 1
  
  Yeah, I find it amusing when people talk about using enterprise networking gear when they've had legislatively-mandated backdoors installed for many years.
  (Not that the hardware isn't better, just not for that particular reason)
3. Re:i'm glad i don't use by lister+king+of+smeg · 2012-07-07 19:42 · Score: 1
  
  but if they are running on enterprise gear often is also flash-able so you could load a custom Linux or BSD distro and use it as a router without a back door and a good deal of control and customization
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
"The internet isn't working again!" by Anonymous Coward · 2012-07-07 15:13 · Score: 0

I think their internet connection will be just fine, it's the DNS that's going to shit the bed. Why does every article make this mistake?
I guess anyone who's stupid enough to get dragged into a botnet wouldn't know the difference though.
1. Re:"The internet isn't working again!" by Anonymous Coward · 2012-07-07 20:28 · Score: 0
  
  I guess anyone who's stupid enough to get dragged into a botnet wouldn't know the difference though.
  That is the exact reason no one is making the distinction. Anyone who is infected will be cut off from the internet because they aren't exactly going to type the IP of Facebook in to their address bar.
OMG!! by Anonymous Coward · 2012-07-07 15:13 · Score: 0

DSNChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands
No. It means some folks with powned windows boxes will finally realize there is an issue, and call one of their friends/family to fix things for them. There was no reason to keep DNS service for these folks to begin with. Or, if they really were scared of taking some windows zombies off the net, they could have taken things down for a week, then brought their DNS back up and seen how many fewer users were hitting their DNS servers-- then make the decision on whether or not to down the replacement DNS. I bet in one week without the DNS working, they would have gone down to fewer users than all these months that have passed.
Why did this do it this way? by Anonymous Coward · 2012-07-07 15:14 · Score: 0

Why didn't they have Google Public DNS take over the IPs that were used by the bot net (or something)?
1. Re:Why did this do it this way? by Dan541 · 2012-07-07 15:17 · Score: 5, Insightful
  
  Is disconnecting hundreds of thousands of infected machines really a problem?
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
2. Re:Why did this do it this way? by Riceballsan · 2012-07-07 15:27 · Score: 5, Interesting
  
  IMO not informing them of what happened is. Believe it or not disconecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a rediculously overpriced unreliable antivirus. What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (IE hosting some cleanup tools), with tips of how to avoid infection again. No it won't educate 100% of them, some will take it to geeksquad anyway, some will find the download button and not read anything etc... but SOME will, and some is always better than none.
3. Re:Why did this do it this way? by Anonymous Coward · 2012-07-07 15:51 · Score: 0
  
  Kill 'em all; Let God sort 'em out.
4. Re:Why did this do it this way? by Jiro · 2012-07-07 15:52 · Score: 5, Interesting
  
  You don't want to redirect them to a page which tells them how to get rid of a virus. Believing pages that tell them that their system has malware and they need to follow the instructions on the page to get rid of it, is one of the common means of *spreading* malware.
5. Re:Why did this do it this way? by Dan541 · 2012-07-07 15:57 · Score: 3, Insightful
  
  Believe it or not disconecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a rediculously overpriced unreliable antivirus.
  Actually that scenario does solve the problem. Infected machines need to be formatted and reinstalled.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
6. Re:Why did this do it this way? by drinkypoo · 2012-07-07 16:27 · Score: 3, Interesting
  
  It's a massive win to me, because many of those people will probably sell their computer outright and buy another one, and then I can buy some of them (the nicer ones, anyway) at yard sales. A year or two ago (two I think) I got an Athlon 64 X2 4000+ system with a 20" LCD for $125 because the owner forgot the Admin password and couldn't figure out how to run recovery. The LCD also has S-Video, component and composite inputs and I'm using it for my PS2 right now...
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
7. Re:Why did this do it this way? by mehrotra.akash · 2012-07-07 17:06 · Score: 1
  
  Redirect all queries from the malicious servers to a page explaining that they have malicious DNS servers configured and they need to fix the issue.
  Some will check the problem themselves, others will call their ISP's,tech support,etc
  Someone using the net should have a clue what DNS is about anyways
8. Re:Why did this do it this way? by Anonymous Coward · 2012-07-07 17:16 · Score: 0
  
  IMO not informing them of what happened is. Believe it or not disconecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a rediculously overpriced unreliable antivirus. What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (IE hosting some cleanup tools), with tips of how to avoid infection again. No it won't educate 100% of them, some will take it to geeksquad anyway, some will find the download button and not read anything etc... but SOME will, and some is always better than none.
  Google has already been doing this. Quit acting like this hasn't been done. If they don't trust google you think they will trust some random message? Get real.
9. Re:Why did this do it this way? by tuppe666 · 2012-07-07 17:25 · Score: 1
  
  I What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (IE hosting some cleanup tools), with tips of how to avoid infection again.
  That describes most of the techniques Trojans use I come across on the web
10. Re:Why did this do it this way? by Z00L00K · 2012-07-07 17:50 · Score: 1
  
  What they could have done was to set the DNS:es to point to the same web page regardless of what address that was requested.
  That would have been a lot more informative.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
11. Re:Why did this do it this way? by Jack9 · 2012-07-07 17:50 · Score: 2
  
  > Is disconnecting hundreds of thousands of infected machines really a problem?
  It doesn't disconnect the machines, as many people have already pointed out. It simply causes their DNS lookups to fail.
  
  --
  
  Often wrong but never in doubt.
  I am Jack9.
  Everyone knows me.
12. Re:Why did this do it this way? by Anonymous Coward · 2012-07-07 17:52 · Score: 0
  
  IMO not informing them of what happened is.
  They have been getting messages on the front google search page for months, as well as getting letters from their ISP with their bill every month for months.
  They have been MORE than informed, and still take no action. These remaining people are the bottom of the stupid barrel and need banned from the Internet forever, not just their current computers.
13. Re:Why did this do it this way? by flimflammer · 2012-07-07 20:14 · Score: 1
  
  They don't need to tell them how to fix it, but they could have at least made a transition period where they're redirected to a page notifying them that they're infected with the virus, some basic information about the virus, and then tell them to contact their tech support representative with the information. The tech of choice (family/friend/repair shop) should be able to clean things up pretty easily then.
14. Re:Why did this do it this way? by Anonymous Coward · 2012-07-07 20:33 · Score: 0
  
  I thought that the way it was done (getting ISPs to send physical letters amongst other means) was a far better way of doing it. It comes with their bill so it seems a lot more trustworthy. Also it would set a really bad precedent for the FBI to start redirecting internet traffic without a warrant.
15. Re:Why did this do it this way? by kasperd · 2012-07-07 20:50 · Score: 2
  
  Also it would set a really bad precedent for the FBI to start redirecting internet traffic without a warrant.
  But it wouldn't be FBI that redirected the traffic. It would be the malware that redirected it, FBI would just be in control of where it got redirected to. And actually I read somewhere that FBI wasn't even doing this themselves, they left the technical part to ISC.
  
  --
  
  Do you care about the security of your wireless mouse?
16. Re:Why did this do it this way? by St.Creed · 2012-07-07 23:30 · Score: 1
  
  Someone using the net should have a clue what DNS is about anyways
  We're at least a decade beyond that point.
  
  --
  Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
17. Re:Why did this do it this way? by DarkOx · 2012-07-07 23:48 · Score: 1
  
  they buy a new computer take it to geek squad who nukes and paves it and sells them a rediculously overpriced unreliable antivirus.
  That does solve the problem of getting a vulnerable machine off the network and a user off a vulnerable machine. Even Geek Squad will make sure a machine is patched before it goes out the door again. Its still a win.
  What it does not do is educate the user about how to prevent this from happening again, but the cost of a new computer and our insanely priced Geek Squad services might just motivate them to learn on their own.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
18. Re:Why did this do it this way? by swalve · 2012-07-08 02:23 · Score: 1
  
  "need banned"? We don't use the verb "to be" anymore?
19. Re:Why did this do it this way? by Anonymous Coward · 2012-07-08 03:35 · Score: 0
  
  Even Geek Squad will make sure a machine is patched before it goes out the door again. Its still a win.
  Not true. I work the front lines doing tech support for one of the 5 largest ISP's in the US, and have had more than one customer call in after seeing Geek squad. Many times, they simply wipe the OS. 25% of the time, there isn't even a valid Windows License Key and I have to deal with WGA. If there is a restore partition, they usually run the program and hand the box back to the customer and I'm stuck installing service packs and uninstalling Norton 2002. Happens at least once every couple of weeks.
20. Re:Why did this do it this way? by nurb432 · 2012-07-08 07:42 · Score: 1
  
  "This is the FBI, your computer has been compromised with a known virus, please contact your Internet service provider for assistance"
  Then a nice note to the ISP that user with an IP of xyz is infected.
  
  --
  ---- Booth was a patriot ----
21. Re:Why did this do it this way? by Arancaytar · 2012-07-08 10:04 · Score: 1
  
  Teaching people to believe a web page when it tells them their computer is infected with a virus? Please, no.
Pull the plug by Dan541 · 2012-07-07 15:14 · Score: 5, Insightful

Is anyone else sick of hearing about this?
Just shut the servers down already and be done with it.

--
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
1. Re:Pull the plug by Anonymous Coward · 2012-07-07 15:17 · Score: 3, Insightful
  
  Please mod this guy up. If people are so dumb that they don't know they were infected, they are the first people who need to get unplugged from the Internet.
2. Re:Pull the plug by Anonymous Coward · 2012-07-07 15:23 · Score: 0
  
  A thousand times this.
3. Re:Pull the plug by Anonymous Coward · 2012-07-07 15:24 · Score: 0
  
  I would have pulled the plug immediately as soon as I got my hands on the server/s.
4. Re:Pull the plug by Anonymous Coward · 2012-07-07 15:32 · Score: 1
  
  That would get rid of MILLIONS of morons on the internet, but you know, I don't think it'd stop the proliferation of trolls one bit.
5. Re:Pull the plug by Darinbob · 2012-07-07 15:36 · Score: 1
  
  I have not actually heard of this.
6. Re:Pull the plug by Anonymous Coward · 2012-07-07 15:43 · Score: 0
  
  I, too, am tired of hearing this.
  I'm waiting for the headlines "AOL users can't access the interwebs."
7. Re:Pull the plug by arth1 · 2012-07-07 15:52 · Score: 2
  
  Just shut the servers down already and be done with it.
  They should never have put alternative servers in place in the first place. Are the infected users paying for this service? I thought not.
  Pulling the plug immediately would have generated business for Geek Squad, Genius Bar and other computer services that keep local people employed.
8. Re:Pull the plug by shentino · 2012-07-07 16:21 · Score: 1
  
  Even allowing them to remain online is aiding and abetting everything they do.
9. Re:Pull the plug by Anonymous Coward · 2012-07-07 17:14 · Score: 0
  
  A thousand and one!
  This is retarded.
10. Re:Pull the plug by Anonymous Coward · 2012-07-07 17:42 · Score: 0
  
  Even allowing them to remain online is aiding and abetting everything they do.
  They're a LEA, so the prosecutor has most likely granted them immunity from prosecution. It's a dirty little trick which allows the law to only be applied to non-cops, i.e. "little people" while still maintaining the surface illusion that the law applies equally to all.
11. Re:Pull the plug by Anonymous Coward · 2012-07-07 17:43 · Score: 0
  
  They should never have put alternative servers in place in the first place. Are the infected users paying for this service? I thought not.
  Pulling the plug immediately would have generated business for Geek Squad, Genius Bar and other computer services that keep local people employed.
  You can't just keep generate business for Geek Squad for the sake of keeping local people employed, especially when those local people are mostly incompetent. If Geek Squad suddenly went away, nobody with a brain would miss them.
12. Re:Pull the plug by ae1294 · 2012-07-07 18:16 · Score: 2
  
  FUCK YOU yes it will....
13. Re:Pull the plug by antdude · 2012-07-07 18:38 · Score: 1
  
  Yeah, at least our Internet will be slightly faster. ;)
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
14. Re:Pull the plug by Anonymous Coward · 2012-07-08 02:41 · Score: 0
  
  It must have been on Slashdot half a dozen times in recent months.
15. Re:Pull the plug by StikyPad · 2012-07-08 06:55 · Score: 1
  
  Pulling the plug immediately would have generated business for Geek Squad, Genius Bar and other computer services that keep local people employed.
  Right. God forbid people educate themselves and learn how to maintain their own computers. Hopefully we don't start selling food directly to the plebes, else restaurants may fail!
  
  --
  https://www.eff.org/https-everywhere
16. Re:Pull the plug by Anonymous Coward · 2012-07-08 07:23 · Score: 0
  
  Further, it might have drawn attention to the multiple concurrent infections, which are usual on Windows systems that are infected. So sure, they have DNS working, but how much spam, ssh noise, and other stuff is continuing unabated because the simpletons are not aware that Antivirus 2012 is not a real product?
17. Re:Pull the plug by DigiShaman · 2012-07-08 08:24 · Score: 1
  
  Or maybe the left them on so the Feds could monitor who was looking for kiddy pr0n, music, videos, or anything else the could throw the book at people. Or at the very least, generate some stats of the type of idiots that let their PCs remain infected or broken without a proper AV suite installed.
  The government always has a reason for what they do. This is not out of pure kindness or kindness sake alone.
  
  --
  Life is not for the lazy.
18. Re:Pull the plug by arth1 · 2012-07-08 11:05 · Score: 2
  
  This is not out of pure kindness or kindness sake alone.
  To paraphrase, do not ascribe to kindness that which can adequately be explained by stupidity.
19. Re:Pull the plug by arth1 · 2012-07-08 11:25 · Score: 1
  
  Right. God forbid people educate themselves and learn how to maintain their own computers. Hopefully we don't start selling food directly to the plebes, else restaurants may fail!
  The sad thing is that this nation now relies on restaurants - around half of all money spent on food is spent in restaurants, and more than half the population don't know how long it takes to boil an egg, cook beans or potatoes.
  If the food industry went on strike, people would starve with food in front of them. Educating people in what should be common knowledge - whether it's computer or food - would be nice, but the ignoramuses keep on voting against people who would spend "their" money (i.e. taxes) on others (i.e. them).
20. Re:Pull the plug by DigiShaman · 2012-07-08 14:56 · Score: 1
  
  Call me cynical.
  
  --
  Life is not for the lazy.
Too Bad About the Geek Squad Layoffs... by ilikenwf · 2012-07-07 15:17 · Score: 2

They'll be getting lots of calls from all of the inept n00bs who got infected soon.
How the hell is this still front page newsworthy? by Anonymous Coward · 2012-07-07 15:20 · Score: 0

That is all...
we're all going to die by Anonymous Coward · 2012-07-07 15:20 · Score: -1

doesn't it suck that we'll all be dead before the century is over
Better Solution by Anonymous Coward · 2012-07-07 15:25 · Score: 0

Rather than shutting the servers down suddenly, why are they not just sending all requests to a website informing people they are infected, and explaining how to fix it? Then, after a week or two, shut 'em down.
1. Re:Better Solution by Eyeball97 · 2012-07-07 15:38 · Score: 1
  
  You seem to be assuming the FBI kept them running all this time because they gave a crap about the affected people.
  How delightfully quaint...
  By the way - this message may come as a surprise but it turns out, I have a Nigerian Prince in my family who is struggling to make an overseas transfer. Please send me your Name, Address, Telephone Number, SSN, CC numbers (with PINs and CVV's) and bank account details (with web login passwords) and I'll cut you in for a $ couple of million.
Windows machines by Anonymous Coward · 2012-07-07 15:25 · Score: -1

hahaha...
Why don't they... by Annorax · 2012-07-07 15:30 · Score: 4, Interesting

.. instead of shutting it down redirect all DNS requests to a page that says "Hey, butthead, your computer is infected. Fix it!"
1. Re:Why don't they... by Osgeld · 2012-07-07 15:38 · Score: 4, Funny
  
  cause it was originally infected by a page saying your computer is infected, here's how to fix it
2. Re:Why don't they... by techno-vampire · 2012-07-07 15:44 · Score: 5, Interesting
  
  One of the easiest ways to infect computers is to put up a website with a phony virus scan and tell everybody that their system's infected, then offer to "clean" it for them. Most of us are trying to get our friends and family to understand that when a random website tells them that their computer's infected, it's a scam. What you're suggesting would just make our lives that much harder. Having all of their DNS fail, however, is going to make these people understand that there's something wrong, even if they don't have a clue about what's happening.
  
  --
  Good, inexpensive web hosting
3. Re:Why don't they... by BradleyUffner · 2012-07-07 15:47 · Score: 2
  
  Maybe it could just redirect them to a page that tells them they should contact their Internet Service Provider for assistance fixing their DNS.
4. Re:Why don't they... by Malcolm+Chan · 2012-07-07 16:14 · Score: 4, Interesting
  
  OK, so it'll probably work, then? These were the users who were willing to do it the first time, so why not a second time?
  
  --
  /MC
5. Re:Why don't they... by Anonymous Coward · 2012-07-07 16:37 · Score: 0
  
  That's more or less what google did. But as long as it's working, those morons will not do anything. Cut'em off, if just 1% *stay's* off the internet, that means several hundert morons less.
6. Re:Why don't they... by mehrotra.akash · 2012-07-07 17:08 · Score: 1
  
  In this case, they give you instructions to fix it. If you are on the net, and dont know what DNS is, you're on your own
  The same thing that happens if you drive a car and dont know how to change a tyre
7. Re:Why don't they... by toygeek · 2012-07-07 17:15 · Score: 5, Funny
  
  Various ISP's have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
  Big. Fat. Nothing.
  Joe Jackass gets that letter in his mail with his bill, and goes "Huh, wonder what that is" and then trashes.
  And the gorgeous part of it? Monday, guess whose fault its going to be? That's right, the ISP's.
  People are ignorant of it, and when presented with facts, their ignorance turns into anger, and their anger turns to blame, and suddenly its somebody elses fault, so they feel justified in their ignorance.
  Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
  
  --
  Nobodies Prefect
  Tidbits for Techs Technology Blog
8. Re:Why don't they... by toygeek · 2012-07-07 17:16 · Score: 1
  
  And the worst part of it is is that half of the people I work with don't understand DNS well enough to understand the full scope of the problem.
  
  --
  Nobodies Prefect
  Tidbits for Techs Technology Blog
9. Re:Why don't they... by Anonymous Coward · 2012-07-07 17:25 · Score: 0
  
  [...] Very Big ISP [...]
  Never heard of 'em.
10. Re:Why don't they... by Anonymous Coward · 2012-07-07 17:48 · Score: 2, Insightful
  
  Because it will work a second time... and a third... and a fourth... If you redirect morons to a "you're infected!" message, then they will be easily fooled by the fake one they receive tomorrow.
11. Re:Why don't they... by interkin3tic · 2012-07-07 18:46 · Score: 4, Funny
  
  Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
  Given that this population of your customers have proven themselves incompetent, couldn't you just hang up on them all day long and reason that they won't figure out how to give you negative feedback?
12. Re:Why don't they... by bertok · 2012-07-07 19:08 · Score: 1
  
  Reminds me of desktop SOE "cutovers" on a weekend. We'd send out mass emails to everyone a week before the cutover, a day before, and then leave printed-out "cheat sheets" with key information on each keyboard on the Friday night.
  Come Monday morning, there's always at least a dozen managers on the phone to helpdesk complaining that they weren't notified of the changes. Not the ordinary workers, they always handle the changes just fine, technical teething issues aside. It's always the managers.
13. Re:Why don't they... by bky1701 · 2012-07-07 19:12 · Score: 1
  
  You mean like they were last time? What is your point?
  
  --
  Great Intellect...
14. Re:Why don't they... by Anonymous Coward · 2012-07-07 20:38 · Score: 2, Insightful
  
  The point is if you teach them that sometimes it actually does fix problems then they are far more likely to keep clicking them.
15. Re:Why don't they... by kasperd · 2012-07-07 21:00 · Score: 1
  
  Maybe it could just redirect them to a page that tells them they should contact their Internet Service Provider for assistance fixing their DNS.
  Sensible idea. But actually if each ISP set up the page instead, it could be customized for that ISP, which in some sense would be even better. All the ISP would have to do is to route the IPs of the malicious DNS servers to one machine which they control themselves and have that reply with the same IP address to every query.
  
  BTW. Why are we still using the term ISP, when these days we mostly have connectivity and services separated?
  
  --
  
  Do you care about the security of your wireless mouse?
16. Re:Why don't they... by baegucb · 2012-07-07 21:14 · Score: 1
  
  Simple solution. Instead of saying "Hi, this is toygeek at random-ISP, how can I help you?" try saying "Hi, this is most-hated-guy-at-work, how can I help you?". And then hang up. Repeatedly. Worked for someone I know.
17. Re:Why don't they... by Anonymous Coward · 2012-07-07 23:03 · Score: 0
  
  I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
  It doesn't take a genius to realize that the reason most of them are ignoring it is because they are TOLD to ignore things of that nature time and time again.
18. Re:Why don't they... by Anonymous Coward · 2012-07-07 23:45 · Score: 0
  
  BTW. Why are we still using the term ISP, when these days we mostly have connectivity and services separated?
  Because connectivity is a service?
19. Re:Why don't they... by Anonymous Coward · 2012-07-08 00:32 · Score: 0
  
  I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
  It doesn't take a genius to realize that the reason most of them are ignoring it is because they are TOLD to ignore things of that nature time and time again.
  You tell your friends and family to ignore anything their ISP sends in the mail?! My god what a jerk!
  [AC] Now remember mom, the ISP will send you stuff monthly asking for money. Always remember, this is a *scam*! Simply ignore these letters.
  [Mom] Oh thank you son, you are always so helpful every 3 months when my last ISP always cuts me off and sends letters just like you said they would! "Final notice", "collection agency", "Cut Off Letter" were just a few of the scams they tried against me.
  [AC] TrollFace
20. Re:Why don't they... by kasperd · 2012-07-08 00:54 · Score: 1
  
  BTW. Why are we still using the term ISP, when these days we mostly have connectivity and services separated?
  Because connectivity is a service?
  And what term would you then use about companies which do not provide connectivity, but provides other services such as websites, e-mail, irc, usenet, etc.
  
  --
  
  Do you care about the security of your wireless mouse?
21. Re:Why don't they... by Annorax · 2012-07-08 01:18 · Score: 1
  
  My post was originally going to be along this line of reasoning and I was concerned I would be flagged as flamebait. Thank you for voicing my opinion for me!!!
22. Re:Why don't they... by Anonymous Coward · 2012-07-08 03:47 · Score: 0
  
  The ISP I work for has had this in place since February, and are monitoring requests to those servers. At this point in time, out of 300k+ subscribers, we have less than 750 still infected, and that number was from Wednesday so it is probably lower by now. We have used a phone campaign, web redirects and other methods to try to get these people to call in and get it cleaned, and of the (numerous) calls I have had in the last 4 days of people asking about it, exactly 0 have actually been infected.
23. Re:Why don't they... by not-my-real-name · 2012-07-08 04:51 · Score: 1
  
  In this case, they give you instructions to fix it. If you are on the net, and dont know what DNS is, you're on your own
  The same thing that happens if you drive a car and dont know how to change a tyre
  That's easy. Just call AAA.
  
  --
  un-ALTERED reproduction and dissimination of this IMPORTANT information is ENCOURAGED
24. Re:Why don't they... by Anonymous Coward · 2012-07-08 05:53 · Score: 0
  
  Various ISP's have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
  Replace the top ten streaming video services with a message indicating the computer is hacked and there's not enough bandwidth (or whatever excuse) to display their video and you'll get 99% compliance.
25. Re:Why don't they... by mehrotra.akash · 2012-07-08 06:18 · Score: 1
  
  And, here you call your tech support guy
26. Re:Why don't they... by Anonymous Coward · 2012-07-08 07:02 · Score: 0
  
  AAA will change your tyres into tires.
27. Re:Why don't they... by Anonymous Coward · 2012-07-09 12:53 · Score: 0
  
  cause it was originally infected by a page saying your computer is infected, here's how to fix it
  Ok "Smarty Pants" get Microsoft AntiVirus 2012 which shows lots of registry errors, viruses, cookies etc etc....... and you can even clean your computer with the latest "Sub 7 (Windows 7*) =merge "".
DSNChanger by Anonymous Coward · 2012-07-07 15:32 · Score: 0

Is this a new one, or have the editors given up completely? /DNSChanger you fucktards
Security Awareness Fail by zedrdave · 2012-07-07 15:33 · Score: 5, Informative

"dcwg.org"? seriously?

Let me get this straight: the FBI is recommending people go to a nondescript .org website to run a security check on their computer?

Can I next invite them to go to submit their information at fswrxt.net to check that their credit card wasn't hacked?
1. Re:Security Awareness Fail by theskipper · 2012-07-07 15:47 · Score: 3, Insightful
  
  What's wrong with a four letter .org? They obviously vetted it. There was also a mention of "dns-ok.us". That domain looks even funkier but it's perfectly legit.
2. Re:Security Awareness Fail by bmo · 2012-07-07 16:27 · Score: 3, Insightful
  
  >nondescript .org
  DCWG is DNS Changer Working Group
  How is it nondescript? It's a friggin' acronym for the name of the group.
  Tell me, how descriptive is slashdot.org? Why are you here on a site that has a nondescript.org name?
  >modded informative
  Right. There's no accounting for taste among mods.
  --
  BMO
3. Re:Security Awareness Fail by Anonymous Coward · 2012-07-07 16:34 · Score: 0
  
  Oddly enough, I find myself agreeing with bmo these days...
4. Re:Security Awareness Fail by wvmarle · 2012-07-07 17:29 · Score: 3, Interesting
  
  It teaches people that those unknown, never-heard-of-before, nondescript .org domains are fully safe and a-OK. Just pretend to be from the FBI, send them to such a site, and you can infect them all you want.
5. Re:Security Awareness Fail by adolf · 2012-07-07 17:29 · Score: 1
  
  How about something ending in fbi.gov? I mean.........
  
  --
  Kid-proof tablet..
6. Re:Security Awareness Fail by Anonymous Coward · 2012-07-07 18:00 · Score: 0
  
  Nope, too easy. It would have to be reviewed by a blue ribbon commission prior to it's submission to the committee for approval on submitting it to the adjutant director's approval for submission to the director.
7. Re:Security Awareness Fail by collar · 2012-07-07 18:59 · Score: 2
  
  In Australia they've promoted http://dns-ok.gov.au/, which to me seems like a good idea (utilising the trust expectation of a .gov.au site) rather than going with a 3rd party site.
8. Re:Security Awareness Fail by fatphil · 2012-07-07 20:50 · Score: 4, Insightful
  
  "Just pretend to be from the FBI, send them to such a site, and you can infect them all you want."
  
  You missed a step.
  
  Just pretend to be from the FBI, tell them "your machine is infected", send them to such a site, and you can infect them all you want.
  
  --
  Also FatPhil on SoylentNews, id 863
9. Re:Security Awareness Fail by fatphil · 2012-07-07 21:09 · Score: 3, Insightful
  
  > >nondescript .org
  >
  > DCWG is DNS Changer Working Group
  >
  > How is it nondescript? It's a friggin' acronym for the name of the group.
  
  Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.
  
  I'm sure the grandparent poster could come up with an sensible-sounding acronym based on the dodgy domain he proffered. Being an acronym of something that sounds sensible does *not* make it trustworthy.
  
  You need to take a step back. You are unable to put yourself in the shoes of those who do not have the prior information that you have.
  
  The dns-ok domains are just as untrustworthy intrinsically. Why should I trust those, but not trust equivalent domains with "dns-check" or "dns-safe" in their name? Why is "ok" OK, but "safe" not safe? Explain that to someone who does not have prior knowledge about the situation.
  
  It's a government-funded and supported effort, the domain should have been either under .gov; end of.
  
  --
  Also FatPhil on SoylentNews, id 863
10. Re:Security Awareness Fail by subreality · 2012-07-07 21:40 · Score: 3, Insightful
  
  People who think twice about clicking this link generally aren't affected by dnschanger in the first place.
11. Re:Security Awareness Fail by bmo · 2012-07-07 23:28 · Score: 1
  
  Your entire assertion is that since it's an .org instead of a .gov means it's not trustworthy, implying it's the same a .biz or something a spammer would use. .org, .gov, .mil, .com, .edu, and .us were all the original TLDs.
  Your argument rests on nonsense.
  --
  BMO
12. Re:Security Awareness Fail by Anonymous Coward · 2012-07-07 23:48 · Score: 0
  
  Your entire assertion is that since it's an .org instead of a .gov means it's not trustworthy
  It isn't trustworthy. Anyone can register a .org, therefore you can't trust it without further information, information which infected users are unlikely to have.
13. Re:Security Awareness Fail by snspdaarf · 2012-07-08 00:36 · Score: 1
  
  Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.
  How could they not know? For the last week, this has been on local TV news, NPR, CNN, Fox, and probably others that are not on my cable TV system or broadcast in my area.
  
  And while we are talking about what people do or don't know, what's wrong with a redirect to a web page that says your computer is infected and you need to fix it? Not "click here to fix it", but just "you need to get it fixed." That is NOT training them to click on unknown links.
  
  --
  Why, without your clothes, you're naked, Miss Dudley!
14. Re:Security Awareness Fail by bmo · 2012-07-08 00:56 · Score: 2
  
  So only .gov, .mil, and .edu websites are trustworthy?
  That there has never been a hijacked .gov or .edu website?
  Did I just wake up after a dream that I was in 2012 and it's really 1992?
  Using the name of a website, or a TLD to determine trustworthiness is absolute bollocks. I don't know how else to put it. For an argument to be valid, it has to work through the entire chain. Yours fails on basic assumptions - the basic assumption is that .gov websites are inherently trustworthy.
  --
  BMO
15. Re:Security Awareness Fail by Anonymous Coward · 2012-07-08 01:47 · Score: 0
  
  Wow, you didn't just miss the point, it's like you missed the whole Platonic concept of "points".
16. Re:Security Awareness Fail by Legion303 · 2012-07-08 01:55 · Score: 1
  
  You also missed a step.
  Just pretend to be from the FBI, get your fake site on all the news shows, papers and internet news outlets for a week or two, tell them "your machine is infected", send them to such a site, and you can infect them all you want.
17. Re:Security Awareness Fail by strikethree · 2012-07-08 04:36 · Score: 1
  
  Seriously guy, why such derision? I did not know what DCWG stood for until you posted it. Since I am at least vaguely aware of what is going on, I had a much better chance of understanding it than the average person.
  The person you are responding to had a perfectly valid point. I saw the site name in the summary and my first thought to myself is: WTF? Why not at least send them to a domain ending in .gov. What does this org (nothing against .orgs here) site have to do with anything at all and what kind of credibility is there?
  I kind of agree that it should not have been modded up as informative even if the post would have been informative to future do-gooders. I think it should have been modded up as interesting or insightful though.
  
  --
  "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
18. Re:Security Awareness Fail by bmo · 2012-07-08 04:45 · Score: 1
  
  Seriously guy, why such derision?
  Because his argument revolves around the assumption that only .gov websites are trustworthy.
  Like a .gov website has never been hijacked. Ever.
  Basing the trustworthiness on the name of a site is as ridiculous as basing the trustworthiness of an individual on how he looks, is dressed, family tree, or his name or any number of unrelated categories. It's just utter bollocks.
  --
  BMO
19. Re:Security Awareness Fail by bmo · 2012-07-08 04:50 · Score: 1
  
  Oddly enough, I find myself agreeing with bmo these days...
  Flattered.
  I'm sure I'll wind up changing your mind about me in the next month or so.
  --
  BMO
20. Re:Security Awareness Fail by strikethree · 2012-07-08 05:53 · Score: 1
  
  I should disallow javascript on Slashdot. It ate my reply when I realized it was trying to force me to post as Anonymous Coward.
  Long story short, I was not being derisive in my response to you. You do have valid points.
  My, and the OP's point, was that directing people to previously unknown websites is monumentally stupid. Post a page, without scripts on at least two other known websites such as the CERT website and the FBI website. Anything else is just perpetuating the tactics used to infect them in the first place. D'oh!
  
  --
  "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
21. Re:Security Awareness Fail by Anonymous Coward · 2012-07-08 05:56 · Score: 0
  
  Oh, God, I can't believe people are so thick that this comment was controversial.
22. Re:Security Awareness Fail by bmo · 2012-07-08 07:22 · Score: 1
  
  Do you believe in the "network of trust" model of trust?
  The name of a website is irrelevant. What counts is who points at the page and says "That page is trustworthy." The more reputable people who point at a page and say it's trustworthy, the better.
  Everyone who is anyone in the security field is pointing at dcwg.org as trustworthy. The only people who aren't are the ones who don't know what dcwg.org is and are arguing from ignorance about the trustworthiness of dcwg.org.
  And this boggles my mind that I'm still arguing this point.
  --
  BMO
23. Re:Security Awareness Fail by strikethree · 2012-07-08 07:38 · Score: 1
  
  Hm. You seem to be under the impression that I think dcwg.org IS untrustworthy. That is not what I am arguing at all. What I am saying is that it APPEARS to be untrustworthy to people who do not know already what dcwg.org is.
  What is even funnier is that one of my friends just sent me a link on Yahoo about this whole mess and this is the content of the email: "http://news.yahoo.com/blogs/lookout/blackout-monday-dns-changer-know-155840354.html
  Maybe they are the ones scamming and getting people to click on their links to "diagnose" if they have an issue. hehe"
  I laughed really hard considering our current discussion. He sent it after my first reply to you and before any subsequent replies.
  It does not matter if dcwg.org actually IS trustworthy. What matters is that it does appear to be untrustworthy to anyone with an ounce of paranoia and who is not familiar with this whole mess.
  
  --
  "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
24. Re:Security Awareness Fail by bmo · 2012-07-08 19:43 · Score: 1
  
  "You seem to be under the impression that I think dcwg.org IS untrustworthy."
  Why else would you harp on this point and give people who are lazy fucks the benefit of the doubt when it takes less than 5 seconds to go look up whether dcwg is legitimate? It's not like search engines are a new thing. I'll say it again: The name and the TLD it operates under is IRRELEVANT when it comes to trust.
  " That is not what I am arguing at all. What I am saying is that it APPEARS to be untrustworthy to people who do not know already what dcwg.org is."
  Then that's their fault if they refuse to fucking read a goddamn thing. The only people who would call it untrustworthy are going by superficial appearances alone, and they get what they deserve in real life and on the net. Seriously. Because when they do something like that, they also do the opposite: call a site trustworthy because of the name. And this is an insane way to go through life.
  THE NAME AND THE TLD ARE IRRELEVANT WRT TRUST.
  I see you grasping at straws and the only thing that could possibly motivate you to continue arguing this ridiculous point is that you need to get the last word. Fine. You can have it. I'm done. But you've done a piss poor job of convincing me that I'm in any way wrong on this issue.
  Bye.
  --
  BMO
25. Re:Security Awareness Fail by fatphil · 2012-07-08 21:09 · Score: 1
  
  No, that's not my entire assertion. As you appear to have the short-term memory of pond-life and had forgotten earlier lines of my post by the time you'd got to the final line in it, there's no point in me repeating it. So no, that's not my entire assertion.
  
  --
  Also FatPhil on SoylentNews, id 863
26. Re:Security Awareness Fail by fatphil · 2012-07-08 21:20 · Score: 1
  
  > How could they not know? For the last week, this has been on local TV news, NPR, CNN, Fox, and probably others that are not on my cable TV system or broadcast in my area.
  
  Well, for a start, they might only watch the sports channel?
  Or they might not have a telly? (We aren't that rare.)
  Or they might not be in the US at all?
  
  > Not "click here to fix it", but just "you need to get it fixed." That is NOT training them to click on unknown links.
  
  Very much agreed. "Contact your ISP" is fine. It doesn't have to be expository or clever - the simpler and blunter it is the better.
  
  --
  Also FatPhil on SoylentNews, id 863
27. Re:Security Awareness Fail by fatphil · 2012-07-08 21:28 · Score: 1
  
  When /The Yes Men/ turn evil...
  
  --
  Also FatPhil on SoylentNews, id 863
28. Re:Security Awareness Fail by Anonymous Coward · 2012-07-09 01:39 · Score: 0
  
  *BMO sets mode +butthurt
29. Re:Security Awareness Fail by Anonymous Coward · 2012-07-09 03:49 · Score: 0
  
  Based on this argument I guess we should never go to a new website ever.
30. Re:Security Awareness Fail by Anonymous Coward · 2012-07-09 06:02 · Score: 0
  
  > Only if you know in advance there's such a working group.
  In that case it was just a fail by whoever came up with the copy for this page. They could have easily said something like: "Go to dcwg.org (DCWG stands for DNS Changer Working Group) to see if you're infected..." and that argument is moot. Sure if they don't know much about DCWG they'd have to look it up, but at least it's no longer nondescript.
  However, I agree with you that it should have been under .gov in the first place.
Damn it! by Anonymous Coward · 2012-07-07 15:36 · Score: 0

First DNSChanger, and now DSNChanger?! Thanks for the bad news, Editors!
Should have been redirecting for months by dufachi · 2012-07-07 15:41 · Score: 0

The "Feds" should have been redirecting these morons to a page that tells them how to get rid of it for months. Instead, now all these morons are going to be clogging up ISP tech support because "ma internets dun gone wonky and won't werk!"

--
-Kinsey
1. Re:Should have been redirecting for months by Jiro · 2012-07-07 15:55 · Score: 4, Insightful
  
  1) It's a bad idea to train users that they should actually believe a web page that tells them they have a virus and how to remove it. This is typically used to spread malware, not remove it.
  2) The FBI wanted this to go on as long as possible, because it allows them to spy on the traffic sent to the now FBI-controlled servers.
2. Re:Should have been redirecting for months by Anonymous Coward · 2012-07-07 20:43 · Score: 0
  
  I have heard your second statement a lot but it doesn't seem useful. Would the FBI really want the internet history of these morons? 90% of it will be Facebook.
Come on now. by Impy+the+Impiuos+Imp · 2012-07-07 15:45 · Score: 1

Did they serve up a web page that says, "You're infected, please go to xyz.fbi.gov to clean up your machine."
When I forget to pay my ISP, they redirect all my web pages to their own saying, "Sorry!" (And as an aside, they are idiots because they don't provide a link to pay from that disabled-page. It seems so obvious there's probably somebody with a patent demanding money to do that.)

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
1. Re:Come on now. by Anonymous Coward · 2012-07-07 15:54 · Score: 0
  
  Did they serve up a web page that says, "You're infected, please go to xyz.fbi.gov to clean up your machine."
  Okay, think this over. We've been trying to drill it into the morons' heads that "your computer is infected!" in a web browser is the number one sign that you're looking at an antivirus scam. We've been telling them not to click any links anywhere near things like that.
  We've also been trying to drill it into their heads that anyone can claim to be anyone on the internet, and graphical logos of "officials" (i.e. the FBI) are trivially easy to spoof. Again, we've been telling them not to click links of that nature.
  For the purposes of this situation, we can split the internet into three groups of people: People who know better and won't ever see that message; people who have vaguely paid attention to us, would be terminally confused by such a message, and would be calling us for help anyway; and people who are complete boneheads who haven't paid any attention to us and would still be calling us for help if they saw such a message (in the third case, they'd first be calling us to read it to them, what with all them fancy grammars and word-learnin' we gots). Your solution would solve nothing.
2. Re:Come on now. by FatLittleMonkey · 2012-07-08 00:23 · Score: 1
  
  However, if every single url you enter loads the same "your computer is infected" page, google.com, facebook.com, slashdot.com, it's a good sign your computer really is infected.
  
  --
  Science is all about firing a drunk pig out of a cannon just to see what happens.
3. Re:Come on now. by FatLittleMonkey · 2012-07-08 00:27 · Score: 1
  
  And as an aside, they are idiots because they don't provide a link to pay from that disabled-page.
  Anyone who clicked on such a link would be the idiot. See also, DNSChanger.
  
  --
  Science is all about firing a drunk pig out of a cannon just to see what happens.
Redirect them... by Anonymous Coward · 2012-07-07 15:51 · Score: -1

Why can't they just have all web traffic from the infected computers forwarded to a page with instructions on how to fix it instead of just shutting down the servers?
1. Re:Redirect them... by Anonymous Coward · 2012-07-07 16:35 · Score: 0
  
  Why can't they just have all web traffic from the infected computers forwarded to a page with instructions on how to fix it instead of just shutting down the servers?
  Redirect them to a page that says:
  Please turn off your computer, put it back in the box, take it to the store and ask for your money back, you're too stupid to be allowed on the Internets.
"DSN"?? by Anonymous Coward · 2012-07-07 15:53 · Score: 0

Derp. Seriously, now?
Only WinDoz 95-8,ME, 2000, XP, SP1, SP2, SP2, W7 by Anonymous Coward · 2012-07-07 15:57 · Score: -1

No worry here. We don't do WinDoz. :) :D
Snicker snicker.
LoL
dupes and typos -- Timothy in fine form by 1u3hr · 2012-07-07 16:14 · Score: 4, Informative

"DSNChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands"
"DSNChanger"?
And this is yet another dupe of this tedious "story", last just two days ago.

FBI To Shut Down DNSChanger Servers Monday -- But Should It Cut Off 300k PCs?
Posted by Soulskill on Thu Jul 05, '12 04:18 AM
DSNChanger Shut-Down by michaelmalak · 2012-07-07 16:26 · Score: 2

DSNChanger Shut-Down
And a thousand Microsoft Access fat clients lose access to their back-end databases.
1. Re:DSNChanger Shut-Down by Anonymous Coward · 2012-07-08 03:12 · Score: 0
  
  It's as if millions, err hundreds of thousands, of voices suddenly cried out in terror and were suddenly silenced
Interesting statistics by mcbridematt · 2012-07-07 16:46 · Score: 4, Informative
DNSChanger infections by AS
Top infected ISPs:
- Comcast / AS7922 - 10211 unique IPs
- BSNL (India) / AS9829 - 13818 unique IPs
- France Telecom / AS3215 - 5075 unique IPs
source
1. Re:Interesting statistics by Raistlin77 · 2012-07-07 18:00 · Score: 1
  
  That's not as interesting as browser/OS stats would be.
2. Re:Interesting statistics by Raistlin77 · 2012-07-07 18:08 · Score: 1
  
  Also, keep in mind that most large ISPs have numerous ASNs. Comcast, for example, has somewhere around 50.
3. Re:Interesting statistics by kasperd · 2012-07-07 21:18 · Score: 1
  
  Also, keep in mind that most large ISPs have numerous ASNs. Comcast, for example, has somewhere around 50.
  No wonder the AS numbers are running out. I cannot imagine any technical reason Comcast would need that many AS numbers. But 50 AS numbers for a single ISP has got to be unusual. I would guess there are too many ISPs in the world for them to have that many AS numbers each.
  
  --
  
  Do you care about the security of your wireless mouse?
4. Re:Interesting statistics by Raistlin77 · 2012-07-08 01:43 · Score: 1
  
  It's because ASNs do not identify providers, they identify networks. ISPs may own or control any number of individual networks. See http://en.wikipedia.org/wiki/Autonomous_System_(Internet)
5. Re:Interesting statistics by Erikderzweite · 2012-07-08 06:22 · Score: 1
  
  Yeah, we will at last have a credible source to determine Linux share in the OS market!
6. Re:Interesting statistics by kasperd · 2012-07-08 08:27 · Score: 1
  
  It's because ASNs do not identify providers, they identify networks. ISPs may own or control any number of individual networks.
  But there is no limit on the number of address prefixes and network segments that you can have within the network identified by an AS number. In the case of Comcast you'll find that many of their individually numbered networks are in fact BGP peers with each other. I don't know of any technical reason why they would need multiple AS numbers for that kind of setup. With a proper IGP and a few routers that can push information from the IGP through BGP, they should be able to run those networks under a single AS number.
  
  The cases where there is a technical need for separate AS numbers are when the different networks are not connected, or are so sparsely connected that you will sometimes route traffic between your networks through other providers.
  
  If Comcast always use their own network for traffic between their customers, then they could run it all under a single AS number. If OTOH traffic between two Comcast customers will sometimes be routed outside of the Comcast network through their upstream providers, then those customers do need to be in different networks with different AS numbers. I doubt that Comcast will pay transit providers to handle traffic between Comcast customers.
  
  There is a number of cases where a single company ends up with multiple AS numbers as a result of acquisitions. And once a company does have multiple independent networks for this reason, it doesn't always make sense to merge them. However in the case of Comcast it doesn't look like that is the result of any acquisitions.
  
  --
  
  Do you care about the security of your wireless mouse?
7. Re:Interesting statistics by Anonymous Coward · 2012-07-09 05:00 · Score: 0
  
  lol BSNL, no wonder, thank god i stopped my BSNL connection, anyone want a BSNL wifi router-modem for 1500 rupees?
Fire the Editors by Anonymous Coward · 2012-07-07 17:13 · Score: 0

Is it DSNChanger or DNSChanger? Pick one.
PDF from the FBI? by sapgau · 2012-07-07 17:17 · Score: 1

How do I know the FBI posted a PDF?
Because it doesn't have any logos or official headings!
1. Re:PDF from the FBI? by Anonymous Coward · 2012-07-07 18:51 · Score: 0
  
  Because it installs its own malare if the file is opened in Acrobat Reader.
Instructions in a PDF. by Anonymous Coward · 2012-07-07 17:38 · Score: 0

I am not sure I trust opening a PDF, especially with Adobe Reader. They should have just used plain html.
Ummm .... No by Anonymous Coward · 2012-07-07 17:46 · Score: 0

DNSChanger affects Microsoft Desktop and Server Product. 99% of the internet and World Wide Web will be completely unaffected.
Snicker snicker
LoL
1. Re:Ummm .... No by Anonymous Coward · 2012-07-07 20:10 · Score: 0
  
  the fact you signed two AC post's the exact same way shows your level of stupidity, then you confirm it by saying the internet and the World Wide Web, seriously?
  here we go folks its a hater from 1993, bet they have SCO installed with netware runnin off of coax ... obviously someone to take tech advice from
They handled it poorly. by GNUALMAFUERTE · 2012-07-07 19:53 · Score: 2

Keeping the server up for so long was a mistake. Not warning users was a huge mistake too.
What I would have done:
Keep the server up for 10 days.
Redirect all requests to a page that says "Your computer has been compromised ... blah blah blah. Your internet connection will stop working in N days. Click here to continue to the site you where visiting".
Simple yet effective.

--
WTF am I doing replying to an AC at 5 A.M on a Friday night?
1. Re:They handled it poorly. by Osgeld · 2012-07-07 20:13 · Score: 1
  
  They should have just pulled the plug, fuck warnings, these people havent the slightest idea in the first place, you think another scam like site is going to warrant any action?
  fuck them, let tech support figure it out. Smart users will investigate, dumb ones will pay 75 bucks an hour for a 30 second fix just like they always do, cause they have no OS disk and half the software they have is copies.
  (I was a tech for many years, back when it was somewhat respectable)
2. Re:They handled it poorly. by Anonymous Coward · 2012-07-07 20:49 · Score: 0
  
  If a warning whenever they went to Google or Facebook as well as physical letters weren't enough what makes you think an easily bypassable warning message will get these jackasses to do something?
3. Re:They handled it poorly. by fatphil · 2012-07-07 21:18 · Score: 3
  
  So they should have injected a popup that said "your computer may be infected - click here for a free virus scan"?
  
  You *really* didn't think about your post before clicking 'submit', did you? It is only "simple" in the way the word is euphemistically used to mean "stupid".
  
  --
  Also FatPhil on SoylentNews, id 863
4. Re:They handled it poorly. by kasperd · 2012-07-07 21:25 · Score: 1
  
  Redirect all requests to a page that says "Your computer has been compromised ... blah blah blah. Your internet connection will stop working in N days. Click here to continue to the site you where visiting".
  Simple yet effective.
  I am sure they would have done something like that if it had been possible. But it is not. Once you hijack the first connection attempt, the browser is going to cache the DNS lookup. Clicking the second link is just going to go back to the hijack page again.
  
  You can get such hijacking mostly working if you do it at the routing level (like most hotspot providers do). But you cannot hijack the connection at the routing level, when you only control DNS.
  
  --
  
  Do you care about the security of your wireless mouse?
5. Re:They handled it poorly. by DarkOx · 2012-07-07 23:43 · Score: 1
  
  The right way to handle it was just to pull the plug. Better to let the users find out something is wrong and get the box looked at properly than to continue running a vulnerable machine. I agree with you about the problem of posting a "you may be infected page", what you could do is post a page that says "You may be infected. Obviously you should not trust anything your read online. Please contact your ISPs support services or find a support provider in the yellow pages."
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
6. Re:They handled it poorly. by GNUALMAFUERTE · 2012-07-08 04:36 · Score: 1
  
  You are right. That's why there are no Dynamic DNS services out there.
  Oh, wait, there totally are, shitloads of them. And you can totally set the TTL on any DNS record, therefore preventing caching. Who would have thought it?
  I certainly couldn't have figured it out on my own, I only have 15 years of experience as a unix sysadmin.
  
  --
  WTF am I doing replying to an AC at 5 A.M on a Friday night?
7. Re:They handled it poorly. by GNUALMAFUERTE · 2012-07-08 04:40 · Score: 1
  
  Don't display the note on the hijacked request, redirect the user to the actual FBI website, on HTTPS, where they get the note, and the option to redirect to their original request.
  Thow tech savy enough will realize it's for real, and those not tech savy enough will believe the message anyway, even if it was hosted at fbi.gq.nu
  
  --
  WTF am I doing replying to an AC at 5 A.M on a Friday night?
8. Re:They handled it poorly. by kasperd · 2012-07-08 08:32 · Score: 1
  
  And you can totally set the TTL on any DNS record, therefore preventing caching.
  But in practice that only prevents caching in recursive resolvers, it does not prevent caching in browsers. A lot of browsers will deliberately keep using the result of the first DNS lookup even after it has expired for security reasons.
  
  --
  
  Do you care about the security of your wireless mouse?
9. Re:They handled it poorly. by GNUALMAFUERTE · 2012-07-08 13:06 · Score: 1
  
  Except for the fact that neither firefox nor explorer implement DNS pinning.
  Also, it doesn't apply in this case, the page server could just redirect to the fbi website, and then provide a link back to the original site. If you are trully paranoid about pinning, you can implement a 5 second delay on the fbi redirector. You are going to another domain, then linking back.
  
  --
  WTF am I doing replying to an AC at 5 A.M on a Friday night?
10. Re:They handled it poorly. by Anonymous Coward · 2012-07-09 10:52 · Score: 0
  
  What you've failed to realize is that the only people who were infected in the first place are the ones who already did click on a popup that said "your computer may be infected - click here for a free virus scan". Anyone smart enough not to do so didn't get infected in the first place.
Re:Only WinDoz 95-8,ME, 2000, XP, SP1, SP2, SP2, W by Anonymous Coward · 2012-07-07 20:07 · Score: 0

and mac you fag
it wont effect linux, but your obviously too stupid to something that didnt come with your mommy's computer
Why disconnect when they could educate? by Anonymous Coward · 2012-07-07 21:01 · Score: 0

I don't understand the laziness of just turning the servers off and severing the uneducated dolts that haven't corrected for this yet.
It seems to me that the best public service that the government could offer in this case is to first change those servers so that all DNS requests lead to a single computer (or set of computers) that provide the same web page, regardless of what is requested: A page that explains that you could only be seeing it if you were infected with this virus, followed by instructions on how to get it cleaned up. The machine could also offer mail servers that accept any account and always return one message that matches the web page. Hmmm... I wonder if it would be possible to even simulate youtube, netflix, hulu and provide an educational video (since some of the yokels who are still infected may not be able to read all that well.)
It really doesn't seem that that should have been too difficult to set up during the past six months and it does seems like it might be an actual public service to attempt to educate the specific segment of the public that desperately needs it. The fact that the government is just going to shut down the temporary servers without taking this insanely obvious step in the process just shows how little they actually care for the people.
Sorry, I whine. I'll shut up now.
good riddance by Tom · 2012-07-07 21:06 · Score: 4, Interesting

Until malware seriously impacts those who are affected by it, interest by people to defend against it will remain minimal. Spammers thrive in this environment, because people don't care and can get away with it.
I am still for a forced disconnect of any spamming botnet member until he has cleaned up his machine. When you drive your car on a public road, you have responsibility for it being roadworthy. Same logic applies to computers on the Internet. If you don't connect it to anything, I don't care how many kinds of malware your machine contains. If you go online, and you don't have working headlights, so to speak, you need to be taken off the road.
I've had this argument inside ISPs. I am disgusted to this day by their cowardice. They fear customers would leave for competitors. Yeah, they probably would. That's why we need laws and regulations here, so everyone is in the same boat, at least within the same jurisdiction.
So I applaud this move, though I think it should've come much earlier.

--
Assorted stuff I do sometimes: Lemuria.org
1. Re:good riddance by Anonymous Coward · 2012-07-07 23:11 · Score: 0
  
  Really? You're suggesting that the ISPs, or even worse, the government needs to be able to decide who can or can't be online?
2. Re:good riddance by FatLittleMonkey · 2012-07-08 01:41 · Score: 2
  
  I've had this argument inside ISPs. I am disgusted to this day by their cowardice. They fear customers would leave for competitors.
  An Australian ISP (Exetel?) used to have an informal policy that if a customer rang about something stupid, and insisted and shouted about the stupid thing, the owner himself would contact the customer, cancel the contract, refund their connection fee, and give them 30 days to take their business elsewhere. His feeling was that customer service was a major cost, so it was cheaper to dump them than pay for their argumentative stupidity.
  
  I am still for a forced disconnect of any spamming botnet member until he has cleaned up his machine.
  Years ago I argued for fines for even unknowingly sending spam. Ie, fine the owner of the infected machine. In the same way that failing to clean the windows of your car doesn't absolve you of any harm you cause when you crash, why should failing to clean the Windows of your computer? Just a few cents per spam, up to, say $1000 per individual, or $1000-per-infected-pc for businesses. The only defence would be if you could show you "took reasonable measures", such as up-to-date AV, firewall, etc. So you wouldn't be slugged for zero-day exploits you couldn't actually do anything about (except switch to Linux :)
  Mind you, I also argued for similar fines for software and OS vendors, which left users vulnerable out of the box. And for ISPs/email-hosts who allowed spam to be delivered. So I'm kind of a jerk.
  
  --
  Science is all about firing a drunk pig out of a cannon just to see what happens.
3. Re:good riddance by Tom · 2012-07-08 02:13 · Score: 1
  
  Yes, I am.
  Now when you've whiped the foam from your mouth, you will realize that it already works that way in many other areas. We don't let people who haven't studied medicine performe liver transplants. We don't let people drive a car if they haven't demonstrated that they know at least the basics of it. And we have further rules saying that if you are so intoxicated that you can't drive safely anymore, then you are not allowed to drive.
  Same thing here. If your computer has become a danger to others, it does not belong online. Clean it up (aka, sober up) and then you can go online again.
  Doesn't sound all that conspiracy-theory-evil-overlordy anymore if you write it out in simple, reasonable terms, does it?
  You make it sound like someone could decide to deny online access to someone permanently. But that is not what I ever said. "sober up and then you'll get your car keys back" is a perfectly acceptable approach to the issue of drunk driving. And "clean up your machine and then you'll get your online connection back" is a perfectly good approach to the issue of malware and bot nets.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
4. Re:good riddance by DigiShaman · 2012-07-08 08:35 · Score: 1
  
  Time Warner does just that. If your modem is spewing SPAM and other malware related traffic, it gets shutdown to all but one DNS redirected site of www.rrsecurity-abuse.com
  
  --
  Life is not for the lazy.
How many more times? by wonkey_monkey · 2012-07-08 00:55 · Score: 1

Since you're reading this here, you're probably already aware...
Yes, yes we are. So why are you telling us again?

--
systemd is Roko's Basilisk.
1. Re:How many more times? by 1u3hr · 2012-07-08 04:03 · Score: 1
  
  Yes, yes we are. So why are you telling us again?
  So we can have 200 posts by smart arses saying "The FBI should have redirected them to a page telling them how to disinfect their PC". Then 400 posts by smart arses saying what a bad idea this would be because.... etc, etc. 90 % of the posts fall in one or the other category, showing that posters rarely read the summary, hardly ever the article, and somehow manage to ignore all the other post that said exactly the same thing over and over.
  Its almost as good as a gun nut or creationist-baiting story for generating page hits and posts, except this plays on the deep need for Slashdot posters to demonstrate that they're smarter than the idiots who got infected, or the FBI, and especially other posters. While actually demonstrating the opposite.
I'm a mac /linux user so I don't know much, but by Anonymous Coward · 2012-07-08 01:17 · Score: 0

So this bug tells a computer to use a different DNS and the FBI has been running said DNS to keep people online. Why can't the FBI server redirect all incoming traffic to a help page?
Wouldn't Windozers figure out something is wrong if every site they try to visit turns out to be a big splash screen explaining they have a stupid virus and a link to whatever will fix it?
If I mistype any URL I end up with a some advertising laden search screen generated by my provder. This seems like an easy solution and doesn't require umpteen million windose computers to be carried to the local repair guys tomorrow.
Out of 10000 IP addreses, 2 users have this issue by mysidia · 2012-07-08 01:39 · Score: 1

It's a much MUCH smaller deal than has been suggested.
At this point, the only way you have much chance of being impacted, is if someone's been totally negligent in the maintenance of the computer, and just does simply no security work at all for the computer and their LAN, or you are in a position of providing support for such a user, for network connectivity.
And I say that, because by now any DNSChanger impacted user has had a year to recognize the problem, and it's been a well-publicized threat.
HOSTS FILE! by Anonymous Coward · 2012-07-08 02:29 · Score: 0

Had you been using 100MB hosts files as APK does, your Internet would still work! Dummies!
should have re-installed months ago by davydagger · 2012-07-08 04:53 · Score: 1

What the FBI SHOULD have done is re-dirrect the web browsers of infected machines to an fbi.gov site informing them of the problems and providing instructions on how to re-install windows. Then mabey a link to add a cookie to bypass and keep browsing.

Then we have the issue that the malware is still live, but the FBI is controlling it. Does anyone else see a massive oppertunity for the FBI to use this to spy on people like the malware's original authors did.

For most people its going to be a slight headache to re-install, but nothing more. It should have been months ago.
Let them have it by Hamsterdan · 2012-07-08 05:47 · Score: 1

I'm wondering why the fsck it took so long. One of my previous job was at an ISP, and I had no problem cutting off customers if their machine was spewing off crap. (I probably enjoyed it too much)
Any of you repaired a 10-toolbar machine (where nothing was installed of course, and they never opened unknown emails)?
I fixed my sister's laptop last week, and it probably had more malware than software installed on it.
So yes, cut them off... Internet access isn't a right, if you can't manage your network you shouldn't have intertubes access.
(If my ISP cut me off because one of my machines was creating havoc on their network, I would gladly take it off and thank them for warning me about it)

--
I've got better things to do tonight than die.
Less than 0.01% of internet users affected by Anonymous Coward · 2012-07-08 06:09 · Score: 0

Which sounds worse, "300000 USERS WILL LOSE INTERNET ACCESS!" Or "LESS THAN 0.01% OF INTERNET USERS WILL LOSE INTERNET ACCESS".... I think it's silly when you actually do the math. Not to mention the fact that it's not like they are going to lose an arm or a leg. It's not like their going to be denied food or shelter. It's the Internet FFS. Go to Best Buy and grab some anti virus, and then go back to trolling facebook all day. Problem solved.
Instead of shutting down the clean DNS server... by pentalive · 2012-07-08 09:39 · Score: 1

When it found the bad guys in estonia, the FBI had a clean DNS server setup to replace the malicious one. Monday that server is being shut down. Why didn't the FBI have that DNS server re-direct all page queries to a single page that says "You are infected with DNS changer, you need to do this ..."?
Speaking of Google by anubi · 2012-07-08 10:28 · Score: 1

If come Monday, and you have to help a friend regain DNS, Google's public DNS is at 8.8.8.8 and 8.8.4.4.

More here

--
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]