DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands
Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds:
"The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."
Zzzz, when will the ignorant Apple trolls get bored of these things?
http://techland.time.com/2012/04/23/dnschanger-fbi-warns-infected-computers-will-lose-web-email-access-in-july/
"DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses. "
Is anyone else sick of hearing about this?
Just shut the servers down already and be done with it.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
They'll be getting lots of calls from all of the inept n00bs who got infected soon.
Is disconnecting hundreds of thousands of infected machines really a problem?
What was ignorant about my comment?
It is fact that DNSChanger does not infect OSX. It doesn't infect iOS. It doesn't infect Linux, or BSD, or Amiga, or Android, or BeOS, or Plan 9, or Chromium, or OS2, or Solaris, or EMACS. I happen to be running one of the many OSs it does not infect.
Seriously? https://www.google.com/search?q=dnschanger+osx
Never ask for directions from a two-headed tourist! -Big Bird
iNo, iBut iYou iAre iNfected iWith iThe iFanboi iTroll iVirus, iWhich iS iNfinitely iMore iAnnoying...
IMO not informing them of what happened is. Believe it or not, disconnecting people does not solve the problem; they buy a new computer, take it to Geek Squad, who nukes and paves it and sells them a ridiculously overpriced, unreliable antivirus. What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (i.e. hosting some cleanup tools), with tips on how to avoid infection again. No, it won't educate 100% of them; some will take it to Geek Squad anyway, some will find the download button and not read anything, etc... but SOME will, and some is always better than none.
.. instead of shutting it down redirect all DNS requests to a page that says "Hey, butthead, your computer is infected. Fix it!"
"dcwg.org"? seriously?
Let me get this straight: the FBI is recommending people go to a nondescript .org website to run a security check on their computer?
Can I next invite them to go to submit their information at fswrxt.net to check that their credit card wasn't hacked?
Simply false. DNSChanger can infect Windows, MacOS, and many consumer-grade routers that provide DNS or DHCP.
What's special about MacOS infections is that the user has to be an ignorant pollyanna to get infected. If I were you, I'd check my DNS config.
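An added example (not from the FBI, DCWG, or anyone in this thread) of what "check my DNS config" looks like in code: it pulls the configured resolvers out of `ipconfig /all` or resolv.conf text and flags any that fall outside an assumed allow-list of legitimate resolvers. The sample outputs and the allow-list are constructed placeholders; the actual rogue-server ranges are not reproduced here.

```python
import ipaddress
import re

# Constructed sample inputs (not real captures).
SAMPLE_IPCONFIG = """Windows IP Configuration

Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.77
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV_CONF = """# constructed /etc/resolv.conf
nameserver 192.168.1.1
nameserver 2001:db8::53
"""

# Assumed allow-list: private ranges (home router / LAN) plus the resolvers
# your ISP or organisation actually runs. 198.51.100.53 is a placeholder.
EXPECTED_RESOLVERS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                      "fc00::/7", "fe80::/10", "198.51.100.53/32"]

def parse_ipconfig(text):
    """Return DNS server addresses from `ipconfig /all` output.
    Additional servers appear on following lines holding only an address."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
            continue
        cont = re.fullmatch(r"\s+(\S+)", line)
        if in_dns and cont:
            servers.append(cont.group(1))
        else:
            in_dns = False
    return servers

def parse_resolv_conf(text):
    """Return nameserver addresses from a resolv.conf file."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Return configured resolvers outside the allow-list (or unparseable)."""
    nets = [ipaddress.ip_network(n) for n in expected]
    flagged = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            flagged.append(s)      # garbage in the resolver field is suspicious too
            continue
        if not any(addr in n for n in nets):
            flagged.append(s)
    return flagged

if __name__ == "__main__":
    for name, servers in [("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG)),
                          ("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF))]:
        print(name, "configured:", servers, "flagged:", unexpected_resolvers(servers))
```

A router that was reconfigured via its admin interface still hands out its own LAN address as the resolver, so this check passes on every client behind it; the router's upstream DNS setting has to be inspected separately.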
Wait, which OS does this malware run on?
You don't want to redirect them to a page which tells them how to get rid of a virus. Believing pages that tell them that their system has malware and they need to follow the instructions on the page to get rid of it, is one of the common means of *spreading* malware.
1) It's a bad idea to train users that they should actually believe a web page that tells them they have a virus and how to remove it. This is typically used to spread malware, not remove it.
2) The FBI wanted this to go on as long as possible, because it allows them to spy on the traffic sent to the now FBI-controlled servers.
Believe it or not, disconnecting people does not solve the problem; they buy a new computer, take it to Geek Squad, who nukes and paves it and sells them a ridiculously overpriced, unreliable antivirus.
Actually that scenario does solve the problem. Infected machines need to be formatted and reinstalled.
"DSNChanger"?
And this is yet another dupe of this tedious "story", last just two days ago.
FBI To Shut Down DNSChanger Servers Monday -- But Should It Cut Off 300k PCs?
Posted by Soulskill on Thu Jul 05, '12 04:18 AM
And a thousand Microsoft Access fat clients lose access to their back-end databases.
It's a massive win to me, because many of those people will probably sell their computer outright and buy another one, and then I can buy some of them (the nicer ones, anyway) at yard sales. A year or two ago (two I think) I got an Athlon 64 X2 4000+ system with a 20" LCD for $125 because the owner forgot the Admin password and couldn't figure out how to run recovery. The LCD also has S-Video, component and composite inputs and I'm using it for my PS2 right now...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
No, in this case, the malware is installed between the keyboard and the chair.
[Chart: DNSChanger infections by AS, top infected ISPs (source link)]
What a great idea! I'll just write a similar wallpaper-based antivirus in MSPaint right now.
> Is disconnecting hundreds of thousands of infected machines really a problem?
It doesn't disconnect the machines, as many people have already pointed out. It simply causes their DNS lookups to fail.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
Why did this get flamebait? Working in a PC shop 6 days a week, I can tell you that since Vista damned near every bug I've seen has been a PEBKAC-related infection.
What you see is the infections taking certain obvious routes over and over:
1. "ZOMG U got teh viruz! Run "Iz not viruz iz cleanerz!.exe" to kill teh bug ZOMG!"
2. "want teh hot lezboz? U 2 can have teh hot lezboz! Just run "Iz not bug iz codecz.exe" and U can be watching teh hot lezboz right now!"
3. "Want teh latest (insert Hollywood movie or song) for free? U 2 can have teh (insert Hollywood movie or song) for free! Just run "Iz not bug iz new limewirez" and U can have (insert Hollywood movie or song) right now!"
4. "Hey my BFF on FB LOL! Look at my funny video! Just run "Iz Not Bug iz video.exe" and be sure to say yes to UAC so U can see teh funny!"
Notice how EVERY DAMNED ONE is a PEBKAC problem? That damned "New Limewire" one I even had an ID10T that I had to throw out of the shop because when the AV practically threw itself onto the screen screaming "IT'S A BUG! DON'T DO IT!" what did he do? He uninstalled the AV and then wanted ME to fix it because "It says right there it's the New Limewire so make it work dammit!"
So I'm sorry, but as XP dies the days of the easy drive-by are dying with it, replaced by an even easier target: lazy and/or greedy and/or stupid users.
ACs don't waste your time replying, your posts are never seen by me.
Translation: cracking (hacking for the media) is 95% social engineering. Always was. Always has been.
Don't fight for your country, if your country does not fight for you.
Keeping the server up for so long was a mistake. Not warning users was a huge mistake too.
What I would have done:
Keep the server up for 10 days.
Redirect all requests to a page that says "Your computer has been compromised ... blah blah blah. Your internet connection will stop working in N days. Click here to continue to the site you were visiting".
Simple yet effective.
WTF am I doing replying to an AC at 5 A.M. on a Friday night?
But it wouldn't be the FBI that redirected the traffic. It would be the malware that redirected it; the FBI would just be in control of where it got redirected to. And actually I read somewhere that the FBI wasn't even doing this themselves, they left the technical part to ISC.
Do you care about the security of your wireless mouse?
Until malware seriously impacts those who are affected by it, interest by people to defend against it will remain minimal. Spammers thrive in this environment, because people don't care and can get away with it.
I am still for a forced disconnect of any spamming botnet member until he has cleaned up his machine. When you drive your car on a public road, you have responsibility for it being roadworthy. Same logic applies to computers on the Internet. If you don't connect it to anything, I don't care how many kinds of malware your machine contains. If you go online, and you don't have working headlights, so to speak, you need to be taken off the road.
I've had this argument inside ISPs. I am disgusted to this day by their cowardice. They fear customers would leave for competitors. Yeah, they probably would. That's why we need laws and regulations here, so everyone is in the same boat, at least within the same jurisdiction.
So I applaud this move, though I think it should've come much earlier.
Assorted stuff I do sometimes: Lemuria.org
Notice how EVERY DAMNED ONE is a PEBKAC problem?
No, I don't. And I've given speeches about this very subject.
The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.
The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
* false information about the nature of the object
* bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
* bad ACL allowing an unintended action to have even more unintended consequences
* bad feedback to the user as to what is actually happening
To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
And you are blaming the driver. Seriously?
The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.
In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages, and find ways to work with them without falling over. You know, the Ping of Death was really, really embarrassing. Most of IT Security is much like it.
And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.
No one sees the ".exe" extension except those of us who turn extension-hiding off. IzNotBugIzVideo.exe uses a video icon, and the same action (double clicking) plays videos and runs executables.
What would someone in Poland do with my car keys?
Take off every 'sig' !!
Probably have better luck with hoping for better security.
The first step is actually the easiest if MS would get off their stinking ass and change a single default behavior, as the OS should never, I say never, hide any file extensions by default. This is the first setting I change on any Windows box I touch. It's not much, but by god it helps the user detect that something is lying about what it is. Of course the PEBKAC still exists if the user doesn't pay any attention to the extensions. Seems that many Americans now have less attention span than a damn gnat. God help the internet.
Mod me up/Mod me down: I wont frown as I've no crown
Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?
Who is the irresponsible idiot that hid the extensions in the first place, maybe it was the same that had by default auto start enabled on .inf files?
Yes MS I'm blaming you for bringing up a generation of clueless, at least in the DOS days we still knew what an extension stood for!
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
I have to agree with hiding the file extensions is a stupid idea, and yes, I turn that off as one of the very first things I do when I touch a computer.
Less attention span has very little to do with Americans; it's just people in general. It comes from the multitasking that the younger generation gets thrown into. They just can't pay attention to any single thing for a decent amount of time. They are so used to juggling 5 things at once, and the human brain just doesn't multitask well for 98% of the people out there; I did read that around 2% (numbers aren't accurate, but it was indeed a small percentage) of people can actually multitask 2 things at once with little degradation of performance in either task, but it didn't say how good they were at doing those tasks to start with.
I'm sorry but he's full of shit because he is still pretending everyone has WinXP when in Vista and Win 7 there is UAC WARNINGS before you launch executables but NO warning before you just play a video.
And perhaps you both better read what I wrote again, because in damned near every case the AV TRIED to stop them, did everything but yank the damned keyboard away, but they simply refused to listen or, in the case of the "New Limewire" guy, actively REMOVED THE ANTIVIRUS TO ALLOW THE MALWARE IN. Now you tell ME, friend, short of an Apple-style "You may do nothing without corporate approval" iOS, can you stop that in ANY way by changing any part of a UI?
The answer is you can't, because it's NOT a UI problem, despite the "ZOMG HAIRY WORKS FOR M$" troll we had in this thread; it's a dancing bunnies problem where the user KNOWS what they are doing is risky, they KNOW there is a more than average chance of infection, but for free movies/music/porn/stuff they simply DO NOT CARE and will happily help the malware writer remove any and all roadblocks that get between them and the prize. So I'm sorry, but you can't fix a user problem with a tech solution; it just doesn't work unless you take away all the rights and give them thin clients.
Here's a clue
You think that I could study computer science without realizing that? What you don't realize is that there is an important difference in running a known application and having it open a file and running an unknown application. Secondly, that there is a difference between running an application when you want to and know that you are doing so and running an application without realizing that you are doing so.
The bad guys will use whatever they can
That, exactly, is the point. Why do we give them so many ways to use?
Your stupid suggestions do nothing to make this better.
Sorry to burst your babble, but some of "my" suggestions aren't my own inventions but are from peer-reviewed articles that show they do have the desired effect. Unfortunately, much of this has never gone beyond prototype stage, because the major OS vendors aren't accepting the responsibility, either don't give a fuck (MS), are too focused on not breaking the consistency of their design (Apple) or are run by geeks who don't understand user interface design (Linux).
Making the user aware that they run a program to view a document will change nothing.
I see you are one of the people who believe that user awareness is the problem. It isn't. The futility of user awareness trainings, which we in the IT security industry have been running for decades to little effect, should've made clear that this isn't true.
There will always be stupid users and they will always outnumber smart ones
There is no such thing as a stupid user. Every time an IT security person uses the word "stupid user", he is trying to draw attention away from his own failures. I have done root cause analysis on "stupid user" topics, and I can show you a deeper cause for every issue commonly attributed to "stupid users".
Your attitude towards users is one of the reasons that things are as ugly as they are. If car makers would think the same about drivers, our highways would be slaughter houses and people would dread driving, not enjoy it.
How do you decide what is "executable" and what isn't?
Good point, yes. I don't have an answer for that. The reverse would be easier: The system knows what kinds of file types it can handle that are not executables.
Users simply ignore this
Of course they do. We've trained them for a decade that warning dialogs are a nuisance, nothing important is ever in them, they're filled with techno-babble, they interrupt their work at the worst possible moments, and the default option is almost always the one they want.
The reason is simplicity: We simply want the computer to "open" whatever it is we're interested.
I believe we've been trained to think that way. I remember times when that wasn't true. Early computers didn't have these metaphors. You did not "open" a document from the command line. You ran a program and then opened the file from that program's open dialog. I still remember that opening a document directly was confusing to me at first.
Download a good program and left-click it by habit
But that's today's habit. My thought experiment was assuming that what we have today never happened, so this habit has never formed.
Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.
I do believe that users aren't that stupid - you just have to speak their language. File extensions and binary code isn't their language.
What we need are better metaphors. The ones we have suck. Humans are fantastic at applying metaphors. I'm not a linguist except by interest, so I don't think I can come up with the solution. But I've done enough research to believe that the solution lies somewhere in that direction.
It'll be a jump, one we can hardly imagine. Like multitouch: it seems so natural and obvious now that we've had it for a while, but 20 years back it wasn't obvious in the least. Gestures? Please. Go back 30 years and try to explain gestures to the C64 home computer crowd. A mouse was revolutionary in those days.
I believe we will solve this on the user interface design front, and then we'll look back and wonder how we could ever be so stupid.