Will Malware Knock Thousands Off the Internet?
July 5, 2012
By Roger Thompson

 

DnsChanger deadline looming

The DnsChanger deadline is this coming Monday. In short, any personal computer infected by this DnsChanger malware will no longer be able to access the Internet until it is cleaned.   

Background

DnsChanger is not a virus, but a Remote Access Trojan (RAT), which essentially does two things. The first is that your computer no longer talks to your proper ISP-assigned DNS servers, but to the criminals’ DNS servers. This means they can easily divert a victim wherever they like. For example, you might think you are logging into your bank, but you could easily be logging into one of their computers, which then automatically logs into the bank for you. You are none the wiser, but the criminals are able to see your user ID and password. The second, and even more horrifying, issue is that your computer no longer belongs to you, but rather to them. It might be sitting in your house and using your electricity, but they own it and can force it to do whatever they want. This second issue is, of course, common to all RATs, and is exactly why you don’t want them on your system.

DnsChanger has been around since 2006, and at one point some 600,000 computers were infected by it. The controlling gang was arrested last November, and rather than immediately shutting down the controllers, as is normal when taking down a botnet, the FBI was allowed to replace the criminals’ rogue DNS servers with their own. This prevented 600,000 users from suddenly losing Internet access, and gave people time to clean their computers. After six months, however, there are still some 300,000 infected computers.
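One way to check a machine for the first effect described above, the resolver setting being pointed somewhere it should not be, is to compare its configured DNS servers against the published rogue ranges. This is an added example, not code from the original post; the ranges are placeholders from documentation address space, the resolv.conf text is a constructed sample, and the function names are hypothetical.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue
# DnsChanger ranges; substitute the officially published ranges.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a resolver configuration file (/etc/resolv.conf style).
SAMPLE_RESOLV_CONF = """\
# Generated by dhclient
search example.net
nameserver 192.0.2.53   # falls inside a placeholder rogue range
nameserver 10.0.0.1
nameserver not-an-ip
"""

def resolvers_from_resolv_conf(text):
    """Return the nameserver entries from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def check_resolvers(resolvers, rogue_ranges):
    """Return (rogue, unparsable): rogue is a list of (resolver, range)."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    rogue, unparsable = [], []
    for entry in resolvers:
        try:
            # Strip an IPv6 zone id such as "%eth0" before parsing.
            addr = ipaddress.ip_address(entry.split("%", 1)[0])
        except ValueError:
            unparsable.append(entry)  # report it, do not silently skip
            continue
        for net in nets:
            if addr in net:  # False when IP versions differ
                rogue.append((entry, str(net)))
                break
    return rogue, unparsable

if __name__ == "__main__":
    servers = resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)
    rogue, bad = check_resolvers(servers, ROGUE_RANGES)
    for server, net in rogue:
        print(f"WARNING: resolver {server} is inside rogue range {net}")
    for entry in bad:
        print(f"NOTE: could not parse resolver entry {entry!r}")
```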

Cutting off Internet?

At first blush, this might sound a little alarming, but when you think about it, it’s actually a good thing, because these personal computers simply have to be cleaned. If they were vulnerable enough to be nailed by DnsChanger in the first place, they are highly likely to have other bits of malware as well, and if, after all the publicity this has had, they have not managed to get their machine tested, they are probably not going to without a little more incentive. Not being able to access any website will clearly provide that incentive. In the malware defense business, this is known as the Two By Four Attention Technique, where you liberally apply a two by four to someone’s head, but it has to be done. 

Come Monday…

If you do know someone who can no longer get to Facebook, it’s not the end of the world. They simply have to back up any data to which they are emotionally attached, wipe the disk, and reinstall the operating system. If they are in a corporate environment, that’s probably dead easy, and if they are a home user, or someone without a corporate support group, they’ll just have to go to the local PC store, and they’ll quickly find someone able to help them.

Need help?

Are you worried about the DNS Changer? You can visit the DNS Changer Working Group website to test your computer, and find steps to remove the problem. 

It’s a tricky Internet, folks. Keep safe.
