DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands
Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds:
"The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."
Pull the plug (Score:5, Insightful)
Is anyone else sick of hearing about this?
Just shut the servers down already and be done with it.
Re: (Score:3, Insightful)
Please mod this guy up. If people are so dumb that they don't know they were infected, they are the first people who need to get unplugged from the Internet.
Re: (Score:3)
FUCK YOU yes it will....
Re: (Score:2)
I have not actually heard of this.
Re: (Score:3)
Just shut the servers down already and be done with it.
They should never have put alternative servers in place in the first place. Are the infected users paying for this service? I thought not.
Pulling the plug immediately would have generated business for Geek Squad, Genius Bar and other computer services that keep local people employed.
Re: (Score:3)
This is not out of pure kindness or kindness sake alone.
To paraphrase, do not ascribe to kindness that which can adequately be explained by stupidity.
Re: (Score:2)
Even allowing them to remain online is aiding and abetting everything they do.
Re: (Score:2)
Yeah, at least our Internet will be slightly faster. ;)
Too Bad About the Geek Squad Layoffs... (Score:2)
Why don't they... (Score:4, Interesting)
.. instead of shutting it down redirect all DNS requests to a page that says "Hey, butthead, your computer is infected. Fix it!"
Re:Why don't they... (Score:5, Funny)
cause it was originally infected by a page saying your computer is infected, here's how to fix it
Re:Why don't they... (Score:4, Interesting)
OK, so it'll probably work, then? These were the users who were willing to do it the first time, so why not a second time?
Re: (Score:2, Insightful)
Because it will work a second time... and a third... and a fourth... If you redirect morons to a "you're infected!" message, then they will be easily fooled by the fake one they receive tomorrow.
Re: (Score:2)
Re: (Score:2, Insightful)
The point is if you teach them that sometimes it actually does fix problems then they are far more likely to keep clicking them.
Re: (Score:2)
The same thing that happens if you drive a car and don't know how to change a tyre.
Re:Why don't they... (Score:5, Interesting)
Re: (Score:2)
Maybe it could just redirect them to a page that tells them they should contact their Internet Service Provider for assistance fixing their DNS.
Re: (Score:2)
Sensible idea. But actually if each ISP set up the page instead, it could be customized for that ISP, which in some sense would be even better. All the ISP would have to do is to route the IPs of the malicious DNS servers to one machine which they control themselves and have that reply with the same IP address to every query.
BTW. Why are we still using the term I
Re: (Score:2)
BTW. Why are we still using the term ISP, when these days we mostly have connectivity and services separated?
Because connectivity is a service?
And what term would you then use about companies which do not provide connectivity, but provides other services such as websites, e-mail, irc, usenet, etc.
Re:Why don't they... (Score:5, Funny)
Various ISPs have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
Big. Fat. Nothing.
Joe Jackass gets that letter in his mail with his bill, and goes "Huh, wonder what that is" and then trashes.
And the gorgeous part of it? Monday, guess whose fault it's going to be? That's right, the ISP's.
People are ignorant of it, and when presented with facts, their ignorance turns into anger, and their anger turns to blame, and suddenly it's somebody else's fault, so they feel justified in their ignorance.
Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
Re: (Score:2)
And the worst part of it is that half of the people I work with don't understand DNS well enough to understand the full scope of the problem.
Re:Why don't they... (Score:5, Funny)
Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
Given that this population of your customers have proven themselves incompetent, couldn't you just hang up on them all day long and reason that they won't figure out how to give you negative feedback?
Re: (Score:2)
Reminds me of desktop SOE "cutovers" on a weekend. We'd send out mass emails to everyone a week before the cutover, a day before, and then leave printed-out "cheat sheets" with key information on each keyboard on the Friday night.
Come Monday morning, there's always at least a dozen managers on the phone to helpdesk complaining that they weren't notified of the changes. Not the ordinary workers, they always handle the changes just fine, technical teething issues aside. It's always the managers.
Re: (Score:2)
Simple solution. Instead of saying "Hi, this is toygeek at random-ISP, how can I help you?" try saying "Hi, this is most-hated-guy-at-work, how can I help you?". And then hang up. Repeatedly. Worked for someone I know.
Security Awareness Fail (Score:5, Informative)
Let me get this straight: the FBI is recommending people go to a nondescript
Can I next invite them to go to submit their information at fswrxt.net to check that their credit card wasn't hacked?
Re:Security Awareness Fail (Score:4, Insightful)
What's wrong with a four letter .org? They obviously vetted it. There was also a mention of "dns-ok.us". That domain looks even funkier but it's perfectly legit.
Re:Security Awareness Fail (Score:4, Interesting)
It teaches people that those unknown, never-heard-of-before, nondescript .org domains are fully safe and a-OK. Just pretend to be from the FBI, send them to such a site, and you can infect them all you want.
Re:Security Awareness Fail (Score:5, Insightful)
You missed a step.
Just pretend to be from the FBI, tell them "your machine is infected", send them to such a site, and you can infect them all you want.
Re: (Score:2)
You also missed a step.
Just pretend to be from the FBI, get your fake site on all the news shows, papers and internet news outlets for a week or two, tell them "your machine is infected", send them to such a site, and you can infect them all you want.
Re: (Score:2)
How about something ending in fbi.gov? I mean.........
Re:Security Awareness Fail (Score:4, Insightful)
>nondescript .org
DCWG is DNS Changer Working Group
How is it nondescript? It's a friggin' acronym for the name of the group.
Tell me, how descriptive is slashdot.org? Why are you here on a site that has a nondescript.org name?
>modded informative
Right. There's no accounting for taste among mods.
--
BMO
Re:Security Awareness Fail (Score:4, Insightful)
>
> DCWG is DNS Changer Working Group
>
> How is it nondescript? It's a friggin' acronym for the name of the group.
Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.
I'm sure the grandparent poster could come up with a sensible-sounding acronym based on the dodgy domain he proffered. Being an acronym of something that sounds sensible does *not* make it trustworthy.
You need to take a step back. You are unable to put yourself in the shoes of those who do not have the prior information that you have.
The dns-ok domains are just as untrustworthy intrinsically. Why should I trust those, but not trust equivalent domains with "dns-check" or "dns-safe" in their name? Why is "ok" OK, but "safe" not safe? Explain that to someone who does not have prior knowledge about the situation.
It's a government-funded and supported effort, the domain should have been either under
Re: (Score:2)
Your entire assertion is that since it's an .org instead of a .gov means it's not trustworthy, implying it's the same as a .biz or something a spammer would use. .org, .gov, .mil, .com, .edu, and .us were all the original TLDs.
Your argument rests on nonsense.
--
BMO
Re: (Score:3)
So only .gov, .mil, and .edu websites are trustworthy?
That there has never been a hijacked .gov or .edu website?
Did I just wake up after a dream that I was in 2012 and it's really 1992?
Using the name of a website, or a TLD to determine trustworthiness is absolute bollocks. I don't know how else to put it. For an argument to be valid, it has to work through the entire chain. Yours fails on basic assumptions - the basic assumption is that .gov websites are inherently trustworthy.
--
BMO
Re: (Score:2)
Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.
How could they not know? For the last week, this has been on local TV news, NPR, CNN, Fox, and probably others that are not on my cable TV system or broadcast in my area.
And while we are talking about what people do or don't know, what's wrong with a redirect to a web page that says your computer is infected and you need to fix it? Not "click here to fix it", but just "you need to get it fixed." That is NOT training them to click on unknown links.
Re: (Score:2)
Re:Security Awareness Fail (Score:4, Insightful)
People who think twice about clicking this link generally aren't affected by dnschanger in the first place.
dupes and typos -- Timothy in fine form (Score:5, Informative)
"DSNChanger"?
And this is yet another dupe of this tedious "story", last just two days ago.
FBI To Shut Down DNSChanger Servers Monday -- But Should It Cut Off 300k PCs? [slashdot.org]
Posted by Soulskill on Thu Jul 05, '12 04:18 AM
DSNChanger Shut-Down (Score:3)
And a thousand Microsoft Access fat clients lose access to their back-end databases.
Interesting statistics (Score:5, Informative)
DNSChanger infections by AS [dcwg.org]
Top infected ISPs:
source [dcwg.org]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Also, keep in mind that most large ISPs have numerous ASNs. Comcast, for example, has somewhere around 50.
No wonder the AS numbers are running out. I cannot imagine any technical reason Comcast would need that many AS numbers. But 50 AS numbers for a single ISP has got to be unusual. I would guess there are too many ISPs in the world for them to have that many AS numbers each.
Re: (Score:2)
PDF from the FBI? (Score:2)
How do I know the FBI posted a PDF?
Because it doesn't have any logos or official headings!
They handled it poorly. (Score:3)
Keeping the server up for so long was a mistake. Not warning users was a huge mistake too.
What I would have done:
Keep the server up for 10 days.
Redirect all requests to a page that says "Your computer has been compromised ... blah blah blah. Your internet connection will stop working in N days. Click here to continue to the site you were visiting".
Simple yet effective.
Re: (Score:2)
They should have just pulled the plug, fuck warnings, these people haven't the slightest idea in the first place, you think another scam-like site is going to warrant any action?
Fuck them, let tech support figure it out. Smart users will investigate, dumb ones will pay 75 bucks an hour for a 30 second fix just like they always do, cause they have no OS disk and half the software they have is copies.
(I was a tech for many years, back when it was somewhat respectable)
Re:They handled it poorly. (Score:4)
You *really* didn't think about your post before clicking 'submit', did you? It is only "simple" in the way the word is euphemistically used to mean "stupid".
Re: (Score:2)
The right way to handle it was just to pull the plug. Better to let the users find out something is wrong and get the box looked at properly than to continue running a vulnerable machine. I agree with you about the problem of posting a "you may be infected page", what you could do is post a page that says "You may be infected. Obviously you should not trust anything you read online. Please contact your ISP's support services or find a support provider in the yellow pages."
Re: (Score:2)
Redirect all requests to a page that says "Your computer has been compromised ... blah blah blah. Your internet connection will stop working in N days. Click here to continue to the site you were visiting".
Simple yet effective.
I am sure they would have done something like that if it had been possible. But it is not. Once you hijack the first connection attempt, the browser is going to cache the DNS lookup. Clicking the second link is just going to go back to the hijack page again.
You can get such hijacking mostly working if you do it at the routing level (like most hotspot providers do). But you cannot hijack the connection at the routing level, when you only control DNS.
good riddance (Score:5, Interesting)
Until malware seriously impacts those who are affected by it, interest by people to defend against it will remain minimal. Spammers thrive in this environment, because people don't care and can get away with it.
I am still for a forced disconnect of any spamming botnet member until he has cleaned up his machine. When you drive your car on a public road, you have responsibility for it being roadworthy. Same logic applies to computers on the Internet. If you don't connect it to anything, I don't care how many kinds of malware your machine contains. If you go online, and you don't have working headlights, so to speak, you need to be taken off the road.
I've had this argument inside ISPs. I am disgusted to this day by their cowardice. They fear customers would leave for competitors. Yeah, they probably would. That's why we need laws and regulations here, so everyone is in the same boat, at least within the same jurisdiction.
So I applaud this move, though I think it should've come much earlier.
Re: (Score:3)
I've had this argument inside ISPs. I am disgusted to this day by their cowardice. They fear customers would leave for competitors.
An Australian ISP (Exetel?) used to have an informal policy that if a customer rang about something stupid, and insisted and shouted about the stupid thing, the owner himself would contact the customer, cancel the contract, refund their connection fee, and give them 30 days to take their business elsewhere. His feeling was that customer service was a major cost, so it was cheaper to dump them than pay for their argumentative stupidity.
I am still for a forced disconnect of any spamming botnet member until he has cleaned up his machine.
Years ago I argued for fines for even unknowingly sending spam. Ie, fine
How many more times? (Score:2)
Since you're reading this here, you're probably already aware...
Yes, yes we are. So why are you telling us again?
Out of 10000 IP addresses, 2 users have this issue (Score:2)
It's a much MUCH smaller deal than has been suggested.
At this point, the only way you have much chance of being impacted, is if someone's been totally negligent in the maintenance of the computer, and just does simply no security work at all for the computer and their LAN, or you are in a position of providing support for such a user, for network connectivity.
And I say that, because by now any DNSChanger impacted user has had a year to recognize the problem, and it's been a well-publicized threat.
Re:Or... (Score:4, Informative)
Zzzz, when will the ignorant Apple trolls get bored of these things?
Re:Or... (Score:5, Informative)
What was ignorant about my comment?
It is fact that DNSChanger does not infect OSX. It doesn't infect iOS. It doesn't infect Linux, or BSD, or Amiga, or Android, or BeOS, or Plan 9, or Chromium, or OS2, or Solaris, or EMACS. I happen to be running one of the many OSs it does not infect.
Seriously? https://www.google.com/search?q=dnschanger+osx [google.com]
Re:Or... (Score:5, Informative)
Simply false. DNSChanger can infect Windows, MacOS, and many consumer-grade routers that provide DNS or DHCP.
What's special about MacOS infections is that the user has to be an ignorant pollyanna to get infected. If I were you, I'd check my DNS config.
Re:Or... (Score:5, Informative)
http://techland.time.com/2012/04/23/dnschanger-fbi-warns-infected-computers-will-lose-web-email-access-in-july/ [time.com]
"DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses. "
Re:Or... (Score:4, Funny)
iNo, iBut iYou iAre iNfected iWith iThe iFanboi iTroll iVirus, iWhich iS iNfinitely iMore iAnnoying...
Re: (Score:2)
So I hereby present, the iWank filter:
http://87.119.183.129/perl/rdf.pl
Re: (Score:2)
I remember jive and swedish chef...
I plugged a quote from the movie Airplane! into a Swedish Chef translator:
"thet hunky moost be-a messeeng veet my oold lady"
Re: (Score:2)
Which - when run through GP's i-filter - yields:
iThet iHunky iMoost iBe-a iMesseeng iVeet iMy iOold iLady
Re: (Score:2)
Re:Or... (Score:4, Funny)
What a great idea! I'll just write a similar wallpaper-based antivirus in MSPaint right now.
Re:Why did this do it this way? (Score:5, Insightful)
Is disconnecting hundreds of thousands of infected machines really a problem?
Re:Why did this do it this way? (Score:5, Interesting)
Re:Why did this do it this way? (Score:5, Interesting)
You don't want to redirect them to a page which tells them how to get rid of a virus. Believing pages that tell them that their system has malware and they need to follow the instructions on the page to get rid of it, is one of the common means of *spreading* malware.
Re: (Score:2)
Some will check the problem themselves, others will call their ISPs, tech support, etc.
Someone using the net should have a clue what DNS is about anyways
Re: (Score:2)
Someone using the net should have a clue what DNS is about anyways
We're at least a decade beyond that point.
Re: (Score:3)
But it wouldn't be FBI that redirected the traffic. It would be the malware that redirected it, FBI would just be in control of where it got redirected to. And actually I read somewhere that FBI wasn't even doing this themselves, they left the technical part to ISC.
Re: (Score:2)
They don't need to tell them how to fix it, but they could have at least made a transition period where they're redirected to a page notifying them that they're infected with the virus, some basic information about the virus, and then tell them to contact their tech support representative with the information. The tech of choice (family/friend/repair shop) should be able to clean things up pretty easily then.
Re:Why did this do it this way? (Score:4, Insightful)
Believe it or not disconnecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a ridiculously overpriced unreliable antivirus.
Actually that scenario does solve the problem. Infected machines need to be formatted and reinstalled.
Re:Why did this do it this way? (Score:4, Interesting)
It's a massive win to me, because many of those people will probably sell their computer outright and buy another one, and then I can buy some of them (the nicer ones, anyway) at yard sales. A year or two ago (two I think) I got an Athlon 64 X2 4000+ system with a 20" LCD for $125 because the owner forgot the Admin password and couldn't figure out how to run recovery. The LCD also has S-Video, component and composite inputs and I'm using it for my PS2 right now...
Re: (Score:2)
What could help would be to redirect the DNS servers to an informational page on how to clean off the current infection (IE hosting some cleanup tools), with tips of how to avoid infection again.
That describes most of the techniques Trojans use I come across on the web
Re: (Score:2)
they buy a new computer take it to geek squad who nukes and paves it and sells them a ridiculously overpriced unreliable antivirus.
That does solve the problem of getting a vulnerable machine off the network and a user off a vulnerable machine. Even Geek Squad will make sure a machine is patched before it goes out the door again. It's still a win.
What it does not do is educate the user about how to prevent this from happening again, but the cost of a new computer and our insanely priced Geek Squad services might just motivate them to learn on their own.
Re: (Score:2)
What they could have done was to set the DNS:es to point to the same web page regardless of what address that was requested.
That would have been a lot more informative.
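The idea in the comment above, and in the earlier suggestion that an ISP route the rogue resolver IPs to one machine that replies "with the same IP address to every query", sketched as an added example that is not part of the original thread or any DCWG/ISP code. The notice address (a documentation-range placeholder), the TTL and all function names are assumptions.

```python
import ipaddress
import socket
import struct

NOTICE_IP = "192.0.2.53"   # assumption: ISP-run notice web server (TEST-NET-1 placeholder)
TTL_SECONDS = 60           # assumption: short TTL so clients re-resolve soon after cleanup


def encode_name(name: str) -> bytes:
    """Encode a host name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Constructed sample input: a recursive query (RD set), class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_question(packet: bytes):
    """Return (name, qtype, qclass, end_offset) of the first question."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # no compression pointers expected in a client question
            raise ValueError("unexpected label type")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4


def sinkhole_answer(packet: bytes, notice_ip: str = NOTICE_IP) -> bytes:
    """Answer any A/IN question with notice_ip; other types get an empty answer."""
    _name, qtype, qclass, end = parse_question(packet)
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    # QR=1 (response), AA=1, RD copied from the query, RA=1, RCODE=0
    rflags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080
    answer, ancount = b"", 0
    if qtype == 1 and qclass == 1:
        rdata = ipaddress.IPv4Address(notice_ip).packed
        # 0xC00C is a compression pointer back to the question name at offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, TTL_SECONDS, 4) + rdata
        ancount = 1
    header = struct.pack("!HHHHHH", txid, rflags, 1, ancount, 0, 0)
    return header + packet[12:end] + answer


def answered_ip(response: bytes):
    """Read the A record back out of a response built by sinkhole_answer."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    return str(ipaddress.IPv4Address(response[-4:]))  # rdata is the last 4 bytes


def serve(bind_addr: str, port: int) -> None:
    """UDP loop; malformed packets are dropped rather than answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(sinkhole_answer(data), peer)
            except ValueError:
                continue


if __name__ == "__main__":
    # Constructed queries: every name resolves to the same notice address.
    for i, host in enumerate(["slashdot.org", "www.google.com", "facebook.com"]):
        print(host, "->", answered_ip(sinkhole_answer(build_query(host, i))))
```

Because the responder controls only DNS answers, a client that has cached the notice address keeps landing on the notice page until the record expires, which is the limitation another commenter raises about a "click here to continue" link.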
Re: (Score:3)
> Is disconnecting hundreds of thousands of infected machines really a problem?
It doesn't disconnect the machines, as many people have already pointed out. It simply causes their DNS lookups to fail.
Re: (Score:2, Funny)
Wait, which OS does this malware run on?
Re:DSNChanger??? (Score:5, Funny)
No, in this case, the malware is installed between the keyboard and the chair.
Comment removed (Score:5, Insightful)
Re: (Score:3, Informative)
Re:DSNChanger??? (Score:5, Insightful)
Notice how EVERY DAMNED ONE is a PEBKAC problem?
No, I don't. And I've given speeches about this very subject.
The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.
The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
* false information about the nature of the object
* bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
* bad ACL allowing an unintended action to have even more unintended consequences
* bad feedback to the user as to what is actually happening
To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
And you are blaming the driver. Seriously?
The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.
In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages and find ways to work with them without falling over. You know, the Ping of Death was really, really embarrassing. Most of IT Security is much like it.
And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.
Re: (Score:3)
What would someone in Poland do with my car keys?
Re: (Score:3)
Probably have better luck with hoping for better security.
Re: (Score:3)
The first step is actually the easiest if MS would get off their stinking ass and change a single default behavior as the OS Should Never - I say Never Hide any file extensions by default. This is the first setting I change on any window box I touch. It's not much but by god it helps the user detect that something is lying about what it is. Of course the PEBKAC still exists if the user doesn't pay any attention to the extensions - Seems that many americans now have less attention span than a damn Gnat. God
Re: (Score:3)
I have to agree with hiding the file extensions is a stupid idea, and yes, I turn that off as one of the very first things I do when I touch a computer.
Less attention span has very little to do with Americans and just people in general. It comes from the multitasking that the younger generation gets thrown into. They just can't pay attention to any single one thing for a decent amount of time. They are so used to juggling 5 things at once, and the human brain just doesn't multitask well for 98% of the pe
Re:DSNChanger??? (Score:4, Insightful)
How do you decide what is "executable" and what isn't?
Good point, yes. I don't have an answer for that. The reverse would be easier: The system knows what kinds of file types it can handle that are not executables.
Users simply ignore this
Of course they do. We've trained them for a decade that warning dialogs are a nuisance, nothing important is ever in them, they're filled with techno-babble, and interrupt their work at the worst possible moments and the default option is almost always the one they want.
The reason is simplicity: We simply want the computer to "open" whatever it is we're interested.
I believe we've been trained to think that way. I remember times when that wasn't true. Early computers didn't have these metaphors. You did not "open" a document from the command line. You ran a program and then opened the file from that program's open dialog. I still remember that opening a document directly was confusing to me at first.
Download a good program and left-click it by habit
But that's today's habit. My thought experiment was assuming that what we have today never happened, so this habit has never formed.
Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.
I do believe that users aren't that stupid - you just have to speak their language. File extensions and binary code isn't their language.
What we need are better metaphors. The ones we have suck. Humans are fantastic at applying metaphors. I'm not a linguist except by interest, so I don't think I can come up with the solution. But I've done enough research to believe that the solution lies somewhere in that direction.
It'll be a jump, one we can hardly imagine. Like multitouch - it seems so natural and obvious now that we've had it for a while, but 20 years back it wasn't obvious in the least. Gestures? Please. Go back 30 years and try to explain gestures to the C64 home computer crowd. A mouse was revolutionary in those days.
I believe we will solve this on the user interface design front, and then we'll look back and wonder how we could ever be so stupid.
Re:DSNChanger??? (Score:4, Insightful)
Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?
Who is the irresponsible idiot that hid the extensions in the first place, maybe it was the same that had by default auto start enabled on .inf files?
Yes MS I'm blaming you for bringing up a generation of clueless, at least in the DOS days we still knew what an extension stood for!
Comment removed (Score:4, Insightful)
Re:DSNChanger??? (Score:4, Insightful)
Here's a clue
You think that I could study computer science without realizing that? What you don't realize is that there is an important difference in running a known application and having it open a file and running an unknown application. Secondly, that there is a difference between running an application when you want to and know that you are doing so and running an application without realizing that you are doing so.
The bad guys will use whatever they can
That, exactly, is the point. Why do we give them so many ways to use?
Your stupid suggestions do nothing to make this better.
Sorry to burst your babble, but some of "my" suggestions aren't my own inventions but are from peer-reviewed articles that show they do have the desired effect. Unfortunately, much of this has never gone beyond prototype stage, because the major OS vendors aren't accepting the responsibility, either don't give a fuck (MS), are too focused on not breaking the consistency of their design (Apple) or are run by geeks who don't understand user interface design (Linux).
Making the user aware that they run a program to view a document will change nothing.
I see you are one of the people who believe that user awareness is the problem. It isn't. The futility of user awareness trainings, which we in the IT security industry have been running for decades to little effect, should've made clear that this isn't true.
There will always be stupid users and they will always outnumber smart ones
There is no such thing as a stupid user. Every time an IT security person uses the word "stupid user", he is trying to draw attention away from his own failures. I have done root cause analysis on "stupid user" topics, and I can show you a deeper cause for every issue commonly attributed to "stupid users".
Your attitude towards users is one of the reasons that things are as ugly as they are. If car makers would think the same about drivers, our highways would be slaughter houses and people would dread driving, not enjoy it.
Re:DSNChanger??? (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
You seem to be assuming the FBI kept them running all this time because they gave a crap about the affected people.
How delightfully quaint...
By the way - this message may come as a surprise but it turns out, I have a Nigerian Prince in my family who is struggling to make an overseas transfer. Please send me your Name, Address, Telephone Number, SSN, CC numbers (with PINs and CVV's) and bank account details (with web login passwords) and I'll cut you in for a $ couple of million.
Re: (Score:2)
Lawful Intercept, aka your friendly neighborhood backdoor. As used by law enforcement officials and black hats alike.
The term "lawful intercept" describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order.
http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html [cisco.com]
Re: (Score:2)
Yeah, I find it amusing when people talk about using enterprise networking gear when they've had legislatively-mandated backdoors installed for many years.
(Not that the hardware isn't better, just not for that particular reason)
Re: (Score:2)
But if they are running on enterprise gear, it is often also flashable, so you could load a custom Linux or BSD distro and use it as a router without a back door and with a good deal of control and customization.
Re:Should have been redirecting for months (Score:5, Insightful)
1) It's a bad idea to train users that they should actually believe a web page that tells them they have a virus and how to remove it. This is typically used to spread malware, not remove it.
2) The FBI wanted this to go on as long as possible, because it allows them to spy on the traffic sent to the now FBI-controlled servers.
Re: (Score:2)
And as an aside, they are idiots because they don't provide a link to pay from that disabled-page.
Anyone who clicked on such a link would be the idiot. See also, DNSChanger.
Re: (Score:2)
However, if every single url you enter loads the same "your computer is infected" page, google.com, facebook.com, slashdot.com, it's a good sign your computer really is infected.