A Reminder About the "DNS Changer" Trojan

There's been a lot in the news today about the "DNS Changer" trojan,
still likely affecting vast numbers of PCs and Macs. With the renewed
push to remind users what's at stake, I wanted to very quickly provide
a recap and a list of useful resources regarding this important issue.

The DNS Changer trojan has been around for approaching five years, but
last November a massive effort by the FBI and others resulted in a number
of arrests and the seizure of associated server systems.

At its peak, perhaps an estimated 14 million computers were involved.

What's particularly insidious about this situation is that users'
systems could be infected with DNS Changer for long periods, during
which their Internet activity was diverted through compromised DNS
servers, exposing them to even more infections, without the users ever
being aware of what was happening.

When the related server systems were seized, it created a quandary.
If the servers were simply disconnected, all user systems currently
infected with the trojan would no longer resolve Internet domain names
to addresses, and would for all practical purposes be "cut off" from
the Internet.

While it is relatively straightforward to solve this situation if you
know the procedure and have the necessary information, fixing this is
not something that is obvious to most users.

So it was arranged for "clean" DNS servers to temporarily replace the
nasty ones, originally until last month, and then extended to July 9.
This kept users with contaminated systems from losing most Internet
connectivity, but didn't actually remove the trojan, either.

So barring another court extension, systems that are still infected
with DNS Changer, whose owners have not cleaned out the Trojan and
repaired their DNS settings, are going to lose their address resolving
capabilities on July 9, and that means they won't be able to access any
websites in the normal manner.

It is important to verify that your systems, both PC and Mac, are free
of DNS Changer as soon as possible. Don't wait for the deadline!
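A local resolver audit of the kind the post is urging, as an added example that is not part of Lauren's post: it parses resolv.conf-style settings and flags any nameserver that falls within a list of rogue ranges, while separating out home-router or loopback resolvers that such a check cannot see behind. The rogue ranges and the sample configuration are placeholders in RFC 5737 documentation space, constructed for this example; the real list should come from the official FBI resources the post points to.

```python
import ipaddress
from typing import Dict, List

# Placeholder ranges (RFC 5737 documentation space), constructed for this example;
# substitute the published rogue DNS Changer resolver ranges from the FBI resources.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# RFC 1918, loopback and link-local space: a resolver here is a home router or local
# stub, so this audit cannot see what it forwards to; that device needs checking too.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

def parse_resolv_conf(text: str) -> List[str]:
    """Return nameserver addresses from resolv.conf-style text, skipping blank
    lines, comments (# or ;), other directives and values that are not IPs."""
    servers: List[str] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() != "nameserver":
            continue
        try:
            servers.append(str(ipaddress.ip_address(parts[1])))
        except ValueError:
            continue  # malformed entry: report nothing rather than crash the audit
    return servers

def classify_resolver(addr: str) -> str:
    """Label one configured resolver as 'rogue', 'local' or 'unlisted'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in ROGUE_RESOLVER_RANGES):
        return "rogue"
    if any(ip in net for net in LOCAL_RANGES):
        return "local"
    return "unlisted"

def audit(text: str) -> Dict[str, str]:
    """Map every configured nameserver to its classification."""
    return {server: classify_resolver(server) for server in parse_resolv_conf(text)}

# Constructed sample configuration: one rogue-range, one local, one public resolver.
SAMPLE_RESOLV_CONF = """\
# generated by the installer
search example.test
nameserver 192.0.2.10
nameserver 192.168.1.1
nameserver 203.0.113.53
"""
```

On a Unix-like system, feed it the contents of /etc/resolv.conf; a 'local' verdict means the gateway device's own upstream resolver settings must be checked as well.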

Here are some useful resources to help with this:

A good overview article from "PC World" provides a lot of background
information and additional links:

The "DNS Changer Check-Up" site will give a quick "green" or "red"
status on your system, though it is not guaranteed to be 100% accurate
since ISP-based actions to deal with this situation may fool this

The official FBI page explaining the Trojan and more details regarding
what was known as "Operation Ghost Click" is also definitely worth

The important thing to remember is that while you have a couple of
months before the actual shutdown that will affect infected systems,
you should act now to make sure your systems are clear of DNS Changer,
and avoid being unpleasantly surprised down the line.

If you have any additional questions, please drop me an email and of
course I'll try to be of assistance.

Take care, all.

-- Lauren --
The news agencies that don't understand the Internet, or how the virus works, have been cracking me up with headlines like, "The Internet Will Break on July 9," or "FBI will turn off the Internet for some users."

So funny. I'm a little ashamed that we are in a situation where folks have viruses still on their machines after so long and are just "living with it" like people do with arthritis or something.
+Andrew Eva We should be ashamed, because it's really not those users' fault, it's the entire industry's, effectively.
I suppose, though I can see my grandparents having this virus and having no idea. Honestly, if we are receiving DNS requests from these people, can't we redirect them all to a "fix your crap" link... or do you think we've trained the users so well to not click weird links that they would just ignore it or freak out?
+Andrew Eva You just answered your own question. I think many people would be utterly suspicious of suddenly finding themselves on some strange page purporting to tell them how to fix things, even if they felt capable of following the instructions. And a side effect of such a diversion is that many people would lose their email and Web capabilities they would have otherwise used to check things further.
Kind of a catch-22 problem... we can cut their access to show them they have a problem, but they can't fix it without access... so we tell them they might have a problem, but they don't know how to check, and didn't know they had a problem before now... hrm... More and better malware detectors. In this way, I'm kind of looking forward to Windows 8 for the "press here to reset to default" button.