• FBI Could Pull the Plug On Millions of Internet Users March 8

    The Federal Bureau of Investigation may yank several crucial domain name servers (DNS) offline on March 8, blocking millions from using the Internet. The servers in the FBI’s crosshairs were installed in 2011 to deal with a nasty worm dubbed DNSChanger Trojan. DNSChanger can get an innocent end-user in trouble; it changes an infected system’s DNS settings to shunt Web traffic to unwanted and possibly even illegal sites.

    DNSChanger oozed out of Estonia and may have fouled up as many as a half-million computers in the United States. The feds’ temporary fix to keep the worm from propagating was to replace infected servers with clean surrogates.

    Coordinating with the Estonian authorities who arrested those believed responsible for the worm, the FBI set up what amounted to a Maginot Line of temporary servers that would give businesses and private individuals affected by DNSChanger time to cleanse infected systems. However, this may not have been enough to save all the afflicted. Cyber security journalist Brian Krebs writes:

    Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
    [Internet Identity president and CTO Rod] Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
    According to Mr. Krebs, Internet Identity believes DNSChanger infected “half of all Fortune 500 firms, and 27 out of 55 major government entities.”

    Large network operators unsure as to whether their system is infected can contact the DNS Changer Working Group for assistance here. Private users may be able to ferret out a localized infection by following steps outlined here, at DCWG.org.
    6 Comments
      bobbintb -
      Here's a thought: why not just take the servers down altogether? I fail to see an issue here.
      jagermaus -
      I second that...then at least they would know something's up.
      eyekey -
      lmao
      tesco -
      The solution would be to redirect all internet traffic that goes through those DNS servers to a page explaining what the issue is, how the user can fix it, and where they can get support.
      It should have been done as soon as they took over the servers.
      ersatzp -
      Originally posted by tesco:
      The solution would be to redirect all internet traffic that goes through those DNS servers to a page explaining what the issue is, how the user can fix it, and where they can get support.
      It should have been done as soon as they took over the servers.
      You're suggesting a simple yet effective solution to the problem, why would the government ever want to do that?
      Monteiro -
      Let's wait and see ;P