Five reasons DNSChanger victims deserve to lose the internet

Five reasons DNSChanger victims deserve to lose the internet

Summary: The FBI's shut-down of temporary DNS servers will rid the internet of those infected by DNSChanger, and it will be a better place because of it.

commentary Six thousand Australians infected with DNSChanger malware are set to be cut off from the internet on Monday, when the FBI shuts down the temporary servers that are keeping them online. In my opinion, they deserve to lose the privilege to connect to the internet.

DNSChanger tricks computers into connecting to rogue DNS servers, which point certain domain names to IP addresses of their choosing. For instance, these rogue DNS servers could point to a malicious site without the user knowing. Those infected with the malware rely on these servers for their connection. Although the FBI commandeered the rogue servers and corrected the DNS records, it isn't fair to expect it to do this forever, and at 2pm AEST on 9 July, it will rightfully shut them down. According to the Australian Communications and Media Authority (ACMA), this will leave around 6000 infected Australians in the dark.

And you know what? These users probably deserve it. I'll give you five reasons why.

1. Users have been given fair warning

We've known about this issue for ages now, and the amount of groups that are warning users is absolutely staggering. The FBI has obviously made some noise, but in Australia, the ACMA has chimed in, and technology sites like ZDNet have been canvassing the issue for months.

You also can't say that only the technologically savvy have heard of DNSChanger. Both of Australia's own mainstream media outlets have published articles on DNSChanger in the past, and, internationally, there has been action by Google and Facebook to warn users.

If they've never used Google or Facebook on the internet before, I doubt they'll miss it much when it's seemingly gone.

2. There are free tools for DIY detection

It's not difficult to detect. ACMA, the Computer Emergency Response Team Australia and Stay Smart Online have created a DNSChanger diagnostic site that tells you (with a certain margin of error) whether you're infected in a single click. Need another language? Fine. How about the same thing in German, Finnish, Swedish, double Dutch or French?

And when it comes to removal, just about every antivirus firm has a free, automated tool to fix the problem.

3. The deadline has been extended

There's no excuse for not being prepared. The original date for the plug to be pulled on the commandeered DNS servers was 8 March, but this was extended by four months. Four months is more than enough time for someone to download a free patch.

It's not a complicated problem; it doesn't actually require any working knowledge of how DNS works, or even what DNSChanger is to fix it, and it certainly doesn't take ages to implement.

4. DNSChanger victims are dangerous

So far, we know this: DNSChanger victims either don't use the internet themselves, or they ignore warnings that they're infected. They've ignored the huge number of free tools for detecting it, and in all likelihood don't run a good antivirus application. Had the deadline not been extended, they wouldn't have done anything about it in the first place.

This means that they're the sort to not know they're part of a hacktivist-controlled denial-of-service botnet, an email-spamming scheme, a host to malware that can be passed to other users or a combination of all of the above. In short, they're a danger to others on the internet. On the highway, they're the owner of that unmaintained vehicle that has parts falling off, oil leaking everywhere, broken signal lights and high beams on all the time.

Everyone has a right to access the internet, certainly, but when they become a danger to everyone else and refuse to take action to ensure the safety of those around them, they deserve to lose their licence.

5. This is a wake-up call

At the end of the day, no one will be "banned" from the internet. Almost everyone has an alternative method of connecting to the internet, or, at the very least, knows someone else who does. So all this really does is send a lesson to an entire group of people who think that the "if it ain't broke, don't fix it" approach to security is acceptable with few repercussions.

Like the vehicle in my earlier example, these users need a huge disruption that interrupts their normal routine before they do anything. There's nothing like fines from the state government for operating an un-internet-worthy computer or mandatory annual inspections, but there is the equivalent of a breakdown from malware. The removal of the commandeered DNS servers is just that breakdown.

What I hope happens on Monday afternoon is that the DNSChanger victims sit in their internet darkness and start to wonder whether that darkness has anything to do with those warnings they've been seeing for months on end. And if that's enough for even a few to change their ways and become more responsible when they do come back online, I'd say it's worth it.

Topics: Security, Government AU

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Absolutely correct Michael!

    Everyone has a right to be an idiot but when that idiocy starts to affect others, "others" then have a right to negate that idiocy by whatever means is available. Your analogy of an unmaintained vehicle on the highway is spot on!
  • Absolutely correct Michael!

    Everyone has a right to be an idiot but when that idiocy starts to affect others, "others" then have a right to negate that idiocy by whatever means is available. Your analogy of an unmaintained vehicle on the highway is spot on!
  • Dangerous Sentiments

    When the technocrati start decrying people who are out of the loop as "idiots", we're in very dangerous territory. While there might well be many apathetically standing by, just as many might simply not understand what is going on.
    • dangerous people

      here we go again -- when we propose a solution all the do-gooders flock in..

      they have no intention of helping to solve the problem JUST make it harder for those who want and need a solution...

      I can think of stronger words to use BUT that is not the issue...
      we have a problem LETS fix it...
      personally I would have pulled the plug on day one....
      mmmm a very dangerous person...
    • You're kidding, right?

      First brief definition of terms: Ignorance - results from the lack of information. All are ignorant until informed.

      Idiot - results from ignoring information. These are the apathetics you speak of.

      Which one has the right to jeopardize the experience of others on the internet? Let's go back to the wonderful vehicle analogy. Reckless driver or dangerously clueless driver which one should the police give a free pass to?
  • You need to do a little reading on NAZI's

    This is how it starts. You deserve is not a legal term. The current administration DESERVES to spend 20 years in jail for "Fast and Furious' gun running scam in Mexico.
    • Uh-huh...

      By that logic, everyone in the previous administration DESERVES to spend 60,000 years in jail for
  • ignorance is not an excuse

    If you can't keep it in good repair, you don't deserve to drive it. The standards for cars and especially computers are pretty low. You don't have to know _why_ smoke is blowing just need to get it fixed or shut it down.

    Many are ignorant who don't understand, and won't take the time to learn or ask for help. Many _are_ idiots, who know that something is wrong, but will keep acting recklessly until something breaks for good.

    Learn the rules of the the road, or pull over. We don't need to waste more time and money for a DNS crutch. The interwebz will not miss the spam, pings, and probes. And no-one will care that there will be a few thousand fewer votes for cute kitty videos, or a drop in tinfoil-helmet forum trolls.

    Same thing will happen...they'll trash their computers and go buy another zombie-to-be computer.
    • Rules?

      What rules?!

      Your'e comparing using the Internet to using the road? You only know the rules of the road because you HAVE TO in order to get a driver's license. It's organised, there are teaching procedures, control procedures, awareness campaigns, and finally repressive measures. And we all know how that works out for the number of people killed or injured on the road every day (are all of them also "ignorant idiots" to you? )

      What the FBI is doing now and what you all seem to be applauding, is basically applying just the repressive measure to an issue that what was in no way made sufficiently clear to the general public.
      • I beg your pardon!

        After an intensive search for the group launching this bot, the FBI found them, arrested them, and seized the servers that were running the bogus DNS services. In order to keep from disrupting people's internet services, the FBI repaired the servers (to point to accurate and correct DNS servers) and has been running these servers for a year in order to give people time to fix their computers. When the original year was up they extended the time another four months just to be sure everyone had a chance to fix their machines. That time is now up and the FBI has other things they want to spend money on instead of paying hosting costs for an unnecessary service. This isn't some "repressive measure"; it's making sure at least some of their budget is sent wisely.

        A better example is not driving with a dangerous car. It's having your house catch fire because of a bad fuse box, which the power company warned you was a danger, yet you've been "making do" by using multiple extension cords plugged into each other to get around the bad circuits. And as the fire department is hosing down your house, you blame the power company for starting the fire!
  • Blatantly wrong

    It's astonishing to see how well informed you are about technology and how little you seem to know about people around you.

    Contrary to what you may think, many (I mean tens of millions) of people around the world DO NOT use the internet for blogging and getting tech updates. They use it to access the incredible amounts of knowledge found online, that they then apply in their everyday lives.

    I'm talking about people who sometimes don't know how to drag and drop, connect to Wifi or any other thing you seem to think justifies writing them off as idiots. Mind you, these people often have very successful careers, interesting lives (granted not in the IT industry), and tell me about stuff they found online I never knew existed.

    Believe me, these people have no idea of what DNSChanger is, and no interest in it whatsoever. And why would they? Why would a writer, a farmer, a policeman, even a nuclear scientist all be expected to follow IT blogs in order to know what malware is on the loose this month? Computers and the Internet are their tools, they expect them to work.

    Personally I think we should just acknowledge that making technology REALLY user-friendly (as in safe) is still far off from being done and we should continue working on its issues instead of blaming users who are in no way responsible for any mess caused by something they couldn't possibly understand and shouldn't need to.
    • End the coddling

      Have you actually seen a machine with this infection running? Every example I've come across had other not at all subtle items in the payload. How many months of of obnoxious pop-ups does it take for someone to go looking for help on making it stop?

      We're talking about a tiny number of machines worldwide. The largest number is in the US and is less than 70K systems.

      Keep in mind, the FBI had no obligation to set up those replacement DNS servers. The entire base of infected systems could have lost their connections quite a long time ago and the natural course of events allowed to proceed. At the time the number was in the millions. The logic behind the plan was that actively used machines were bound to be repaired within a given time frame due to the sheer annoyance level of the malware. Many of them would be repaired without anyone ever knowing they were infected, as part of being reimaged when put back in active use.

      This leads to the question of just what these remaining systems are and how they're used or if they're used at all. Several thousand are likely monitoring or logging systems that are never touched directly and either automatically dump to a remote system or are logged into from a remote system manually. The infection could go completely unnoticed in that case and will be easily dealt with when the owner is forced to deal with the issue.

      Another major portion of those systems are likely sitting in empty offices, unused for months at a time but still powered on in standby mode because nobody has looked at it in all that time. That happens a lot when companies reduce their head count in a bad economy. Some IT shops like having all of their machines left on for monitoring purposes. Many of these shops have inactive workstations, often elderly machines kept around just in case a particular bit of legacy hardware or software needs to be accessed before being eliminated entirely.

      The list goes on. Out of all the estimated 350K infected systems the number to leave some entirely unsuspecting person with no internet access on the machine they use daily is exceedingly low. That person would have to have a remarkable amount of tolerance for a malware infested system.
    • Wrong

      "something they couldn't possibly understand"

      Are you joking? It's an extremely simple concept. I could explain it to a 4 year old. In order to find another computer to connect to, you need to use a name. Computers don't work based off of letters, they work based off of numbers (like 12 or 134). In order to make it easier for humans to find things, we "map" names to numbers. Some bad people switched the normal mechanism for converting names into numbers with their malicious version. The FBI replaced it after catching them, but they are legally not allowed to continue doing it after July 9th.

      How is that IN ANY WAY difficult to understand? Also, nuclear scientists are expected to have a lot of knowledge of computers, as are ALL scientists (any physics student can tell you that they are required to learn programming languages like Fortran and C). "Computer techies" are not the only ones required to have a good knowledge of how computers work.
      Wes Kerfoot
  • this is what you get

    for using Software from Satan™. When will fools wake up and realize that bad OS architecture has been the root cause of nearly (but not all) the untold billions of man-hours and dollars wasted on fixes and 'protections'? When scammers and grifters can make hundreds of millions on 'PC-matic' and 'Kapersky' one should realize that the root cause is the software, not the user.
  • Hmmm

    Really? 5 reasons? The post you wrote is a bit moronic. Anyone in the field can tell you that almost no-one knows about this. Some of them are intelligent and aware people too.
  • rubbish

    Seriously, are you saying anyone who is not a geek needs to be shafted.
    Bet you cant change oil in a car and you definitely deserve to walk.
    • rubbish

      this fool will end up running some bank bankrupt and blaming the depositors.
  • You are clueless, arn't you.

    This massive communications drive you obviously heard of after smoking something nice does NOT exist. I am QUITE tech savy, my family members are all tech savwwt, probably much more than you are, and DEFINITELY know more about computer security than you do. I have not seen anything, and no one has warned me until l I saw a stray alert (not in major media) yesterday. It took me seconds to check my systems, but I know many people who, even if they saw the announcement, would have any idea what to do. They MIGHT ask me next time they saw me. Aside from the lack of publicity about this, MOST people use a computer like a cell phone. They turn it on and they turn it off. I agree that the system has to come down at some time, but your ignorent and arrogant rant adds nothing.
    Theodore Rosenberg
  • Solutions.....

    There is one thing I have not understood. When the FBI set up their corrected DNS server, why wasn't it discussed to send all DNS lookups to a simple page that automatically removed the virus, or alternatively provided a list of the antivirus links to remove the virus? I'm usually disappointed in the lack of proactive solutions that are missed opportunities. We could have shut down this server many months ago had this type of solution been implemented.

    I believe it won't be much longer, and white hat hackers will begin to build pro-active worms that will spread through exploited vulnerabilities, correct issues, notify the user, ask permission to search for other exploitable machines locally, then destroy themselves after a period. There are more steps that we can take as a community to protect ourselves from ignorant users than to just pull the plug on them.
    • I was going to suggest the same thing

      When I was at university, that's exactly what the IT department did if they suspected somebody had a virus or malware on their machine.

      The page had an explanation, some links to appropriate software (which were allowed through) and a telephone number to call if they still couldn't figure it out.