DNSChanger tricks computers into connecting to rogue DNS servers, which point certain domain names to IP addresses of their choosing. For instance, these rogue DNS servers could point Google.com to a malicious site without the user knowing. Those infected with the malware rely on these servers for their connection. Although the FBI commandeered the rogue servers and corrected the DNS records, it isn't fair to expect it to do this forever, and at 2pm AEST on 9 July, it will rightfully shut them down. According to the Australian Communications and Media Authority (ACMA), this will leave around 6000 infected Australians in the dark.
And you know what? These users probably deserve it. I'll give you five reasons why.
1. Users have been given fair warning
We've known about this issue for ages now, and the amount of groups that are warning users is absolutely staggering. The FBI has obviously made some noise, but in Australia, the ACMA has chimed in, and technology sites like ZDNet have been canvassing the issue for months.
You also can't say that only the technologically savvy have heard of DNSChanger. Both of Australia's own mainstream media outlets have published articles on DNSChanger in the past, and, internationally, there has been action by Google and Facebook to warn users.
If they've never used Google or Facebook on the internet before, I doubt they'll miss it much when it's seemingly gone.
2. There are free tools for DIY detection
It's not difficult to detect. ACMA, the Computer Emergency Response Team Australia and Stay Smart Online have created a DNSChanger diagnostic site that tells you (with a certain margin of error) whether you're infected in a single click. Need another language? Fine. How about the same thing in German, Finnish, Swedish, double Dutch or French?
And when it comes to removal, just about every antivirus firm has a free, automated tool to fix the problem.
3. The deadline has been extended
There's no excuse for not being prepared. The original date for the plug to be pulled on the commandeered DNS servers was 8 March, but this was extended by four months. Four months is more than enough time for someone to download a free patch.
It's not a complicated problem; it doesn't actually require any working knowledge of how DNS works, or even what DNSChanger is to fix it, and it certainly doesn't take ages to implement.
4. DNSChanger victims are dangerous
So far, we know this: DNSChanger victims either don't use the internet themselves, or they ignore warnings that they're infected. They've ignored the huge number of free tools for detecting it, and in all likelihood don't run a good antivirus application. Had the deadline not been extended, they wouldn't have done anything about it in the first place.
This means that they're the sort to not know they're part of a hacktivist-controlled denial-of-service botnet, an email-spamming scheme, a host to malware that can be passed to other users or a combination of all of the above. In short, they're a danger to others on the internet. On the highway, they're the owner of that unmaintained vehicle that has parts falling off, oil leaking everywhere, broken signal lights and high beams on all the time.
Everyone has a right to access the internet, certainly, but when they become a danger to everyone else and refuse to take action to ensure the safety of those around them, they deserve to lose their licence.
5. This is a wake-up call
At the end of the day, no one will be "banned" from the internet. Almost everyone has an alternative method of connecting to the internet, or, at the very least, knows someone else who does. So all this really does is send a lesson to an entire group of people who think that the "if it ain't broke, don't fix it" approach to security is acceptable with few repercussions.
Like the vehicle in my earlier example, these users need a huge disruption that interrupts their normal routine before they do anything. There's nothing like fines from the state government for operating an un-internet-worthy computer or mandatory annual inspections, but there is the equivalent of a breakdown from malware. The removal of the commandeered DNS servers is just that breakdown.
What I hope happens on Monday afternoon is that the DNSChanger victims sit in their internet darkness and start to wonder whether that darkness has anything to do with those warnings they've been seeing for months on end. And if that's enough for even a few to change their ways and become more responsible when they do come back online, I'd say it's worth it.