Telstra has cut its customers' DNSChanger infections by almost half since it implemented a temporary redirect to ensure that victims would still be able to connect to the internet.
DNSChanger was malware that changed the DNS server that is used by devices to find internet addresses, from the standard server to one run by criminals. After the criminals behind the operation were arrested, these servers were to be shut down, but if they were, infected users would no longer be able to surf the web, as the DNS server they were using would be gone. Nonetheless, after a period of advertisements, they were.
Telstra opted to protect its own users by putting in place a similar measure, to keep infected users online. A month and a half later, Telstra's chief information security officer Glenn Chisholm told ZDNet that the infection rates had dropped from an estimated figure of 2500 to almost half, at 1298 infections.
"We've kind of halved it. The attention [now] is to really reach out to the remaining customers, and help them out as much as we can."
Chisholm said that once the remaining infection figure was low enough, Telstra would be able to remove its own redirection, and allow customers stand on their own. Although it was hard to predict an exact date, he was hopeful that it would happen in the next several weeks.
Bringing the redirect into play may have prevented an influx of calls to its customer service centres and would given Telstra more time to deal with the issue, but Chisholm explained that this wasn't actually Telstra's concern. He said that the redirection was brought in, primarily, so that customers would not be affected.
"Realistically speaking, I don't think we would ever had 2500 calls come in within a short period of time," Chisholm said, adding that, given the staggeringly larger number of people that connect to Telstra's call centres each day, DNSChanger calls wouldn't have been an issue.
In fact, customer calls have seen a 20 per cent decrease over the last twelve months, according to Telstra, leading it to, with the intention of outsourcing their function to the Phillipines.
"The only reason we've got [the redirection] there is to help our customers. There's no other purpose," Chisholm said.
"15 years ago, people probably were quite okay for the internet to go out, but if they picked up their phone, they expected a ring tone. These days, the same expectations [that] existed 15 years ago [for the telephone] exist for the internet. It is unacceptable for them not to have access."
For the most part, Telstra's redirection service has gone unnoticed by customers.
"When a telco does its job right, hopefully, the customer doesn't know you're there. They're just happy with what you've done. I don't think we've had any specific feedback on ... the redirection, [but] we've had a lot of, 'thanks for telling me I've been infected'," he said.
But not all customers were technically-minded enough to come to grips with how they had been infected or how to remove the infection, Chisholm said. Complicating this task was the fact that Telstra could only see so much from its end.
"We know that user ID 'X' is infected, but they might have [several] computers behind that user ID," Chisholm explained. Pinpointing which computer was infected was not always something Telstra's support staff could do on their own.
Additionally, there were odd cases where Telstra was limited in what it could do about the problem, because the infected computer didn't actually belong to the customer.
"We might notice that there's an infection coming from a particular address, and we might notice that it's come from that address for a period of time, but that might have been one of the [customer's] friends, not the [customer]."