UPDATED 13:47 EST / MAY 23 2012

FBI Shuts Down DNSChanger in July; Google Sets Out to Warn the Infected

It’s the year 2012 and Mayan doomsday movies will abound, even though we unearthed another Mayan calendar that doesn’t end this year. For the Internet, we have a different blackout on the way, and one that will affect more than 500,000 people. These people are infected with pernicious malware called the DNSChanger Trojan, which is used to hijack people’s DNS queries and send them to man-in-the-middle servers.

The actual threat of this Trojan has been mitigated because the FBI took down the network involved and seized the servers that ran it. However, infections still persist.

After seizing the IP addresses used by DNSChanger, the FBI has been running the servers as if nothing happened so that people infected could change their settings and move on. However, on July 9, 2012 the FBI will shut down these servers and everyone still infected with this Trojan will suddenly find themselves out in the cold and unable to access web pages—this includes Fortune 500 companies who might have infected systems.

The first date set for this shutdown, March 8, has already passed because the FBI filed for an extension, expecting that shutting the servers down without first finding a better solution could be catastrophic.

In fact, Paul Vixie, “Father of DNS,” came out recently to warn that simply shutting down the DNSChanger servers would cause outright blackouts. “Remediation, which has not worked, has taken many forms, which did not work,” Vixie drily noted as reported by The Register.

Solutions have been passed around suggesting that the FBI change the DNSChanger servers to redirect requests to pages that explain that the person is infected and link to instructions on how to fix their computer. However, this probably wouldn’t have any effect on internal systems that nobody uses to surf the web. That said, even then, not every one of the 500,000+ infections will be caught.

Google has decided to step up to the plate and offer a solution: the same approach as above, except that the warning will be delivered through its search engine and will tell infected users that they should get their computers fixed.

Krebs on Security reports the statement from Google and how the warning will appear to those infected:

The company said the warning (pictured above) will appear only when a user with an infected system visits a Google search results property (google.com, google.co.uk, etc.), and will include the message, “Your computer appears to be infected.” Google security engineer Damian Menscher said the company expects to notify approximately a half-million users in the first week of the notices.

“In general we want to notify users [of malware infections] anytime we are capable of doing so, but the fact that we don’t do this more often is really just because it’s hard to come across cases where we can do it this accurately,” Menscher said. “In many cases we only have maybe a 90 percent confidence that someone is infected, and the false positive rate of 10 percent is simply too high to be feasible. But in this case we can be essentially certain that someone is infected.”

Google is throwing a lot of resources at this, including translators to localize the message across the globe.

“We think part of it is that all of the public press on this so far has been in English or a handful of other languages,” Menscher said. “It turns out that only half of these infected users speak English as their primary language.”

Time is running out for people and corporations infected with DNSChanger. Individuals may simply not know, and if they’re lucky enough to use Google they’ll find out shortly. Corporations, on the other hand, will have to look to their IT departments to make sure they’re not burned come July 9.

No Mayans involved.

