Millions of infected machines might be kicked offline March 8

By on February 16, 2012, 6:00 PM

In three weeks, the FBI could knock millions of infected systems offline by disabling some DNS servers. In November, Estonian authorities arrested six men suspected of using "DNSChanger Trojan" malware to redirect victims to malicious websites and block them from genuine security sites that might've removed the infection.

According to a report by Brian Krebs, the Trojan was on over four million computers in more than 100 countries, including 500,000 in the US -- and not just home users, either. The malware is reportedly still present on computers at half of the Fortune 500 companies and at approximately half of all federal agencies.

When the criminals were arrested, authorities replaced their malicious DNS servers with legitimate ones. Had they simply disabled the rogue servers, victims would have seen DNS errors as their machines kept sending lookups to them. The clean servers let infected users reach their intended destinations as normal.

With the fresh servers in place, investigators could monitor the IP addresses of affected users and alert their Internet Service Providers. From there ISPs aided users in cleaning their computers. Sadly, that process hasn't been as quick as desired and many users could learn about their infection the hard way next month.

Come March 8, the court order allowing the feds to run the replacement DNS servers will expire. Unless it is extended, the surrogate servers will be unplugged and millions still plagued by DNSChanger will lose Web access. Even if the order is prolonged, experts worry the cleanup will take years, as it did with Conficker.

"At this rate, a lot of users are going to see their Internet break on March 8," said Rod Rasmussen, president and CTO of security firm Internet Identity. He added that pulling the plug might hasten the cleanup process. "It certainly would be an interesting social experiment if these systems just got cut off," he quipped.

Checking your system for DNSChanger is relatively simple. Run ipconfig /all in the Windows command prompt to see which DNS servers your machine is using, and compare those addresses against the numbers here. The DNSChanger Working Group also provides a list of free resources that'll help you clean your machine(s).
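The check the article describes, automated as an added example (this is not code from the article, TechSpot or the DNSChanger Working Group): parse the "DNS Servers" entries out of ipconfig /all output and test each address against a set of rogue network ranges. The ranges in ROGUE_RANGES are placeholders from the RFC 5737 documentation blocks and the ipconfig text is a constructed sample, so the script runs offline; substitute the address list published by the DNSChanger Working Group to perform the real check.

```python
"""Compare a Windows host's DNS servers with a list of rogue resolver ranges.

Added example, not from the article. ROGUE_RANGES holds PLACEHOLDER networks
(RFC 5737 documentation space); replace them with the published DNSChanger list.
"""
import ipaddress
import re
import subprocess
import sys

# PLACEHOLDER rogue ranges, not real DNSChanger indicators.
ROGUE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed `ipconfig /all` sample: one adapter with clean resolvers, one whose
# first resolver sits inside a placeholder rogue range.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 10.0.0.25(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       10.0.0.2

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.1.40(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       10.0.1.1
"""

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
DNS_LINE_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_LINE_RE = re.compile(r"^\s{20,}(\S+)\s*$")  # extra servers, indented


def parse_dns_servers(ipconfig_text):
    """Return {adapter_name: [dns_server, ...]} from ipconfig /all text.

    The first DNS server shares the line with the label; any further servers
    appear on deeply indented continuation lines, one address each.
    """
    servers = {}
    adapter = None
    in_dns = False
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            servers.setdefault(adapter, [])
            in_dns = False
            continue
        m = DNS_LINE_RE.match(line)
        if m and adapter is not None:
            servers[adapter].append(m.group(1))
            in_dns = True
            continue
        m = CONT_LINE_RE.match(line) if in_dns else None
        if m:
            servers[adapter].append(m.group(1))
            continue
        in_dns = False
    return servers


def classify(servers, rogue_ranges=ROGUE_RANGES):
    """Return (adapter, server, is_rogue) for every parseable server address."""
    findings = []
    for adapter, addrs in servers.items():
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 scope id
            except ValueError:
                continue  # skip anything that is not an IP literal
            findings.append((adapter, addr, any(ip in net for net in rogue_ranges)))
    return findings


def rogue_servers(ipconfig_text, rogue_ranges=ROGUE_RANGES):
    """Return the (adapter, server) pairs whose resolver is in a rogue range."""
    hits = classify(parse_dns_servers(ipconfig_text), rogue_ranges)
    return [(a, s) for a, s, bad in hits if bad]


def main():
    # On Windows read the live ipconfig output; elsewhere use the constructed sample.
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_IPCONFIG
    hits = rogue_servers(text)
    for adapter, server in hits:
        print(f"[!] {adapter}: DNS server {server} is in a rogue range")
    if not hits:
        print("No DNS server matched a rogue range")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

A non-zero exit code when a match is found makes the script usable from a login script or a fleet-management job, which is the scale at which the article says the infection still lingers.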

User Comments: 16

PinothyJ said:

"It certainly would be an interesting social experiment if these systems just got cut off"

That cracks me up ...

9Nails, TechSpot Paladin, said:

That's not very "social" of an experiment to be simply "cut off" from the Internet! It's more like a society of 1 without DNS resolution.

But the sick side of me likes the idea that these infected machines will be cut off from the rest of the Internet. It would make a clear and apparent indication that the owner needs to fix their machine. I've often wondered why more isn't done to alert system owners that an infection needs to be cleaned off. Or making available a network aware anti-virus crawler to find, report, fix, and clean the virus infected computers.

jobeard, TS Ambassador, said:

While I hear mother saying "Play nice with others or you will be sent to your room",

it isn't a bad choice to force those that can't to take a timeout (imo).

Law enforcement in this arena is impossible, so this approach (forcing consequences) is a good alternative.

Guest said:

It really shouldn't be that big of a deal. Most intelligent IT departments at businesses and government institutions should have taken care of their issues. The main ones who would suffer are the IT support for ISPs getting lots of calls from irate homeowners wondering why their internet connection is suddenly out of service.

treetops said:

i need to invest in a filing cabinet

cliffordcooley, TechSpot Paladin, said:

treetops said:

i need to invest in a filing cabinet

Call me dense if you will, I don't see the insinuation.

spydercanopus said:

Is this the list of infected DNS servers? http://dcwg.org/checkup2.html

jester376 said:

9Nails said:

I've often wondered why more isn't done to alert system owners that an infection needs to be cleaned off. Or making available a network aware anti-virus crawler to find, report, fix, and clean the virus infected computers.

Because it would put thousands of services out of commission and thousands of people out of jobs. Companies don't want to take the chance of losing any money they could make, so they just let it fester until the client or owner notices and gets tired of it and pays to diagnose the problem and get it fixed.

Guest said:

Good, confiscate their computers too - it's obvious they aren't fit to use one. /hatestupidpeople

ramonsterns said:

I have Norton, Microsoft Essentials, and Malwarebytes, and it would seem I'm clear. Also checked with spydercanopus' website and that seems clear too.

I should check my family's computers as well just to be sure.

Guest said:

Doesn't cover home router - and apparently these can be infected too. Does anyone know: <1> how to check for this on a router? <2> what to do if there is an infection?

cliffordcooley, TechSpot Paladin, said:

Guest said:

Good, confiscate their computers too - it's obvious they aren't fit to use one. /hatestupidpeople

That's a bit harsh. Computer illiteracy does not mean people are stupid.

lipe123 said:

cliffordcooley said:

Good, confiscate their computers too - it's obvious they aren't fit to use one. /hatestupidpeople
That's a bit harsh. Computer illiteracy does not mean people are stupid.

Yes it does! If you can't drive your car and constantly crash into other people cause you never bothered to learn to drive you face SERIOUS consequences.

If you constantly download BS and get virus infected and help spambot networks send "here haz some viagra" to your friends and family you are stupid and SHOULD face consequences.

There should be a $100 fine and a 2 month internet suspension for everyone that gets a virus.

ramonsterns said:

lipe123 said:

Yes it does! If you can't drive your car and constantly crash into other people cause you never bothered to learn to drive you face SERIOUS consequences.

If you constantly download BS and get virus infected and help spambot networks send "here haz some viagra" to your friends and family you are stupid and SHOULD face consequences.

There should be a $100 fine and a 2 month internet suspension for everyone that gets a virus.

As much as I'd like to agree with you, driving half to 2 tonnes of metal and plastic is not the same as using a computer. It will also not hurt anyone if you mess up, and a botnet isn't something you can instantly spot and get rid of.

There should be a $100 fine and a 2 month internet suspension for coming up with stupid fees over the internet.

Oops, guess I'll see you guys in 2 months.

cliffordcooley, TechSpot Paladin, said:

lipe123 said:

There should be a $100 fine and a 2 month internet suspension for everyone that gets a virus.

That's the same as saying everyone should be fined for running over an animal. Some things can't be avoided.

Your suggestion above would be fining a lot of people that did not have the luxury of growing up and learning all the ins and outs of a computer. It's not their fault someone programs and distributes viruses for them to walk into. If you really want to fine someone, fine the sources or anyone hosting them, not the destinations.

Darth Shiv said:

lipe123 said:

cliffordcooley said:

Good, confiscate their computers too - it's obvious they aren't fit to use one. /hatestupidpeople
That's a bit harsh. Computer illiteracy does not mean people are stupid.

Yes it does! If you can't drive your car and constantly crash into other people cause you never bothered to learn to drive you face SERIOUS consequences.

If you constantly download BS and get virus infected and help spambot networks send "here haz some viagra" to your friends and family you are stupid and SHOULD face consequences.

There should be a $100 fine and a 2 month internet suspension for everyone that gets a virus.

Well, that could be a problem for you too then. You do realise that if a real hacker decided to attack you, you wouldn't have much of a chance?

No-one is immune to trojans etc unless they aren't connected to the internet. Windows, Linux, Android, iOS, MacOSX are coming out with security patches every month. They are endless. The only way to stop endless patching is to stop adding features to an OS and finely scrutinise and secure the code. It's just not a practical reality because you will be left behind. You can either have a machine with modern features, or no security holes and no features. Pick one.

There also just isn't money in attacking an individual but I wouldn't be so bold to presume my system is beyond possibility of compromise.

Do you use flash at all? If you do, and you visit even a reputable site that has flash, you are already at risk of being infected by trojans. Adservers are known to be compromised by hackers and infected flash put up.