Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands

Posted by timothy on from the are-you-on-the-list dept.

Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds: "The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."

13 of 264 comments (clear)

  1. Re:Or... by Johnny+O · · Score: 5, Informative

    http://techland.time.com/2012/04/23/dnschanger-fbi-warns-infected-computers-will-lose-web-email-access-in-july/

    "DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses. "

  2. Pull the plug by Dan541 · · Score: 5, Insightful

    Is anyone else sick of hearing about this?

    Just shut the servers down already and be done with it.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  3. Re:Why did this do it this way? by Dan541 · · Score: 5, Insightful

    Is disconnecting hundreds of thousands of infected machines really a problem?

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  4. Re:Or... by qwertphobia · · Score: 5, Informative

    What was ignorant about my comment?

    It is fact that DNSChanger does not infect OSX. It doesn't infect iOS. It doesn't infect Linux, or BSD, or Amiga, or Android, or BeOS, or Plan 9, or Chromium, or OS2, or Solaris, or EMACS. I happen to be running one of the many OSs it does not infect.

    Seriously? https://www.google.com/search?q=dnschanger+osx

    --
    Never ask for directions from a two-headed tourist! -Big Bird
  5. Re:Why did this do it this way? by Riceballsan · · Score: 5, Interesting

    IMO not informing them of what happened is. Believe it or not disconecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a rediculously overpriced unreliable antivirus. What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (IE hosting some cleanup tools), with tips of how to avoid infection again. No it won't educate 100% of them, some will take it to geeksquad anyway, some will find the download button and not read anything etc... but SOME will, and some is always better than none.

  6. Security Awareness Fail by zedrdave · · Score: 5, Informative

    "dcwg.org"? seriously?

    Let me get this straight: the FBI is recommending people go to a nondescript .org website to run a security check on their computer?

    Can I next invite them to go to submit their information at fswrxt.net to check that their credit card wasn't hacked?

  7. Re:Or... by wkcole · · Score: 5, Informative

    Simply false. DNSChanger can infect Windows, MacOS, and many consumer-grade routers that provide DNS or DHCP.

    What's special about MacOS infections is that the user has to be an ignorant pollyanna to get infected. If I were you, I'd check my DNS config.

  8. Re:Why don't they... by techno-vampire · · Score: 5, Interesting

    One of the easiest ways to infect computers is to put up a website with a phony virus scan and tell everybody that their system's infected, then offer to "clean" it for them. Most of us are trying to get our friends and family to understand that when a random website tells them that their computer's infected, it's a scam. What you're suggesting would just make our lives that much harder. Having all of their DNS fail, however, is going to make these people understand that there's something wrong, even if they don't have a clue about what's happening.

    --
    Good, inexpensive web hosting
  9. Re:Why did this do it this way? by Jiro · · Score: 5, Interesting

    You don't want to redirect them to a page which tells them how to get rid of a virus. Believing pages that tell them that their system has malware and they need to follow the instructions on the page to get rid of it, is one of the common means of *spreading* malware.

  10. Re:DSNChanger??? by noobermin · · Score: 5, Funny

    No, in this case, the malware is installed between the keyboard and the chair.

  11. Re:Why don't they... by toygeek · · Score: 5, Funny

    Various ISP's have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?

    Big. Fat. Nothing.

    Joe Jackass gets that letter in his mail with his bill, and goes "Huh, wonder what that is" and then trashes.

    And the gorgeous part of it? Monday, guess whose fault its going to be? That's right, the ISP's.

    People are ignorant of it, and when presented with facts, their ignorance turns into anger, and their anger turns to blame, and suddenly its somebody elses fault, so they feel justified in their ignorance.

    Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
  12. Re:DSNChanger??? by hairyfeet · · Score: 5, Insightful

    Why did this get flamebait? working in a PC shop 6 days a week i can tell you that since Vista damned near every bug I've seen has been a PEBKAC related infection.

    What you see is the infections taking certain obvious routes over and over:: 1.- "ZOMG U got teh viruz! Run "Iz not viruz iz cleanerz!.exe" to kill teh bug ZOMG!" 2.-"want teh hot lezboz? U 2 can have teh hot lezboz! Just run "Iz not bug iz codecz.exe" and U can be watching teh hot lezboz right now!" 3.-"Want teh latest (insert Hollywood movie or song) for free? U 2 can have teh (insert Hollywood movie or song) for free! Just run "Iz not bug iz new limewirez" and U can have (insert Hollywood movie or song) right now!" 4.- "Hey my BFF on FB LOL! Look at my funny video! Just run "Iz Not Bug iz video.exe" and be sure to say yes to UAC so U can see teh funny!"

    Notice how EVERY DAMNED ONE is a PEBKAC problem? That damned "New Limewire" one I even had an ID10T that I had to throw out of the shop because when the AV practically threw itself onto the screen screaming "ITS A BUG! DON'T DO IT!" what did he do? he uninstalled the AV and then wanted ME to fix it because "It says right there its the New Limewire so make it work dammit!"

    So I'm sorry but as XP dies the days of the easy driveby are dying with it, replaced by an even easier target, lazy and or greedy and or stupid users.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  13. Re:DSNChanger??? by Tom · · Score: 5, Insightful

    Notice how EVERY DAMNED ONE is a PEBKAC problem?

    No, I don't. And I've given speeches about this very subject.

    The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.

    The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
    * false information about the nature of the object
    * bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
    * bad ACL allowing an unintended action to have even more unintended consequences
    * bad feedback to the user as to what is actually happening

    To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
    And you are blaming the driver. Seriously?

    The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
    It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
    There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.

    In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages and find ways to work with them without falling over. You know, the Ping of Death was really, really embarassing. Most of IT Security is much like it.

    And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.

    --
    Assorted stuff I do sometimes: Lemuria.org