DNSChanger Shut-Down Means Internet Blackout Coming For Hundreds of Thousands

Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds: "The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."
  • Pull the plug (Score:5, Insightful)

    by Dan541 ( 1032000 ) on Saturday July 07, 2012 @11:14PM (#40579801) Homepage

    Is anyone else sick of hearing about this?

    Just shut the servers down already and be done with it.

  • Re:Pull the plug (Score:3, Insightful)

    by Anonymous Coward on Saturday July 07, 2012 @11:17PM (#40579817)

    Please mod this guy up. If people are so dumb that they don't know they were infected, they are the first people who need to get unplugged from the Internet.

  • by Dan541 ( 1032000 ) on Saturday July 07, 2012 @11:17PM (#40579819) Homepage

    Is disconnecting hundreds of thousands of infected machines really a problem?

  • by theskipper ( 461997 ) on Saturday July 07, 2012 @11:47PM (#40579985)

    What's wrong with a four letter .org? They obviously vetted it. There was also a mention of "dns-ok.us". That domain looks even funkier but it's perfectly legit.

  • by Jiro ( 131519 ) on Saturday July 07, 2012 @11:55PM (#40580017)

    1) It's a bad idea to train users that they should actually believe a web page that tells them they have a virus and how to remove it. This is typically used to spread malware, not remove it.
    2) The FBI wanted this to go on as long as possible, because it allows them to spy on the traffic sent to the now FBI-controlled servers.

  • by Dan541 ( 1032000 ) on Saturday July 07, 2012 @11:57PM (#40580025) Homepage

    > Believe it or not disconnecting people, does not solve the problem, they buy a new computer take it to geek squad who nukes and paves it and sells them a ridiculously overpriced unreliable antivirus.

    Actually that scenario does solve the problem. Infected machines need to be formatted and reinstalled.

  • by bmo ( 77928 ) on Sunday July 08, 2012 @12:27AM (#40580133)

    >nondescript .org

    DCWG is DNS Changer Working Group

    How is it nondescript? It's a friggin' acronym for the name of the group.

    Tell me, how descriptive is slashdot.org? Why are you here on a site that has a nondescript.org name?

    >modded informative

    Right. There's no accounting for taste among mods.

    --
    BMO

  • by Anonymous Coward on Sunday July 08, 2012 @01:48AM (#40580411)

    Because it will work a second time... and a third... and a fourth... If you redirect morons to a "you're infected!" message, then they will be easily fooled by the fake one they receive tomorrow.

  • by Anonymous Coward on Sunday July 08, 2012 @04:38AM (#40580847)

    The point is if you teach them that sometimes it actually does fix problems then they are far more likely to keep clicking them.

  • by fatphil ( 181876 ) on Sunday July 08, 2012 @04:50AM (#40580867) Homepage
    "Just pretend to be from the FBI, send them to such a site, and you can infect them all you want."

    You missed a step.

    Just pretend to be from the FBI, tell them "your machine is infected", send them to such a site, and you can infect them all you want.
  • by fatphil ( 181876 ) on Sunday July 08, 2012 @05:09AM (#40580913) Homepage
    > >nondescript .org
    >
    > DCWG is DNS Changer Working Group
    >
    > How is it nondescript? It's a friggin' acronym for the name of the group.

    Only if you know in advance there's such a working group. And you know in advance there's malware with that name. The people who are previously aware of such things are probably not the people who are going to still be infected.

    I'm sure the grandparent poster could come up with a sensible-sounding acronym based on the dodgy domain he proffered. Being an acronym of something that sounds sensible does *not* make it trustworthy.

    You need to take a step back. You are unable to put yourself in the shoes of those who do not have the prior information that you have.

    The dns-ok domains are just as untrustworthy intrinsically. Why should I trust those, but not trust equivalent domains with "dns-check" or "dns-safe" in their name? Why is "ok" OK, but "safe" not safe? Explain that to someone who does not have prior knowledge about the situation.

    It's a government-funded and supported effort, the domain should have been either under .gov; end of.
  • Re:DSNChanger??? (Score:5, Insightful)

    by Tom ( 822 ) on Sunday July 08, 2012 @05:28AM (#40580985) Homepage Journal

    > Notice how EVERY DAMNED ONE is a PEBKAC problem?

    No, I don't. And I've given speeches about this very subject.

    The problem is a user interface design problem. The computer lies to the user, a user untrained in computers and thus unable to spot the lie. I'm not talking about the "hot lesbians inside" lie, I am talking about the lie where the user intends to do one thing, instructs the computer to do it, and the machine does something entirely different without telling the user.

    The computer displays an icon indicating that something is a video. User clicks on it, intending to watch a video. Instead, a program is executed and installs malware on the machine. There are so many design failures here, it is painful:
    * false information about the nature of the object
    * bad interface design not allowing the user to express his action clearly (clicking on an action has context-specific meanings)
    * bad ACL allowing an unintended action to have even more unintended consequences
    * bad feedback to the user as to what is actually happening

    To abuse a car analogy - malware is like a CD that you put into your CD player in your car and it makes a copy of your car keys and when you're driving past the next post office, mails it to someone in Poland.
    And you are blaming the driver. Seriously?

    The real solutions are a little less convenient than simply blaming the user. They require thoughts, intelligence, lots of testing inside and outside the lab, to find better user interface paradigms. One that, for example, allows the user to make a difference between "show me this document" and "run this program". And a change in mindset that moves away from the "users are stupid, let's not bother them with the difference between documents and programs" to "actually, it turns out that with a bit of training, people do understand the difference between the switch that controls the lights and the one that controls the windshield wipers".
    It also requires smarter technology that can really undo actions. When software installs follow the change set concept, then we are getting somewhere.
    There's a lot more, and I don't claim to have even the majority of the answers, much less all of them. But I do know that we've been asking the wrong questions for way too long. I have about a dozen pieces of the puzzle that I've researched in depth, and in all cases it turns out that stupid users is not the root cause.

    In fact, IT security would be a lot better off if it were to simply accept stupid users as a fact, just like limited memory and damaged network packages and find ways to work with them without falling over. You know, the Ping of Death was really, really embarrassing. Most of IT Security is much like it.

    And yes, I know what I'm talking about, I do this for a living, I give speeches about it, I've been doing research on this for over a decade. If you're in Europe, you can hire me on this.

  • by subreality ( 157447 ) on Sunday July 08, 2012 @05:40AM (#40581007)

    People who think twice about clicking this link generally aren't affected by dnschanger in the first place.

  • Re:DSNChanger??? (Score:4, Insightful)

    by Teun ( 17872 ) on Sunday July 08, 2012 @12:11PM (#40582675)

    Is it so hard to turn on file extensions and see that despite the movie file icon, it is an exe and so a program?

    Who is the irresponsible idiot that hid the extensions in the first place, maybe it was the same that had by default auto start enabled on .inf files?

    Yes MS I'm blaming you for bringing up a generation of clueless, at least in the DOS days we still knew what an extension stood for!

  • Re:DSNChanger??? (Score:4, Insightful)

    by Tom ( 822 ) on Sunday July 08, 2012 @05:27PM (#40585371) Homepage Journal

    > Here's a clue

    You think that I could study computer science without realizing that? What you don't realize is that there is an important difference in running a known application and having it open a file and running an unknown application. Secondly, that there is a difference between running an application when you want to and know that you are doing so and running an application without realizing that you are doing so.

    > The bad guys will use whatever they can

    That, exactly, is the point. Why do we give them so many ways to use?

    > Your stupid suggestions do nothing to make this better.

    Sorry to burst your babble, but some of "my" suggestions aren't my own inventions but are from peer-reviewed articles that show they do have the desired effect. Unfortunately, much of this has never gone beyond prototype stage, because the major OS vendors aren't accepting the responsibility, either don't give a fuck (MS), are too focused on not breaking the consistency of their design (Apple) or are run by geeks who don't understand user interface design (Linux).

    > Making the user aware that they run a program to view a document will change nothing.

    I see you are one of the people who believe that user awareness is the problem. It isn't. The futility of user awareness trainings, which we in the IT security industry have been running for decades to little effect, should've made clear that this isn't true.

    > There will always be stupid users and they will always outnumber smart ones

    There is no such thing as a stupid user. Every time an IT security person uses the word "stupid user", he is trying to draw attention away from his own failures. I have done root cause analysis on "stupid user" topics, and I can show you a deeper cause for every issue commonly attributed to "stupid users".

    Your attitude towards users is one of the reasons that things are as ugly as they are. If car makers would think the same about drivers, our highways would be slaughter houses and people would dread driving, not enjoy it.

  • Re:DSNChanger??? (Score:4, Insightful)

    by Tom ( 822 ) on Sunday July 08, 2012 @05:51PM (#40585565) Homepage Journal

    > How do you decide what is "executable" and what isn't?

    Good point, yes. I don't have an answer for that. The reverse would be easier: The system knows what kinds of file types it can handle that are not executables.

    > Users simply ignore this

    Of course they do. We've trained them for a decade that warning dialogs are a nuisance, nothing important is ever in them, they're filled with techno-babble, and interrupt their work at the worst possible moments and the default option is almost always the one they want.

    > The reason is simplicity: We simply want the computer to "open" whatever it is we're interested.

    I believe we've been trained to think that way. I remember times when that wasn't true. Early computers didn't have these metaphors. You did not "open" a document from the command line. You ran a program and then opened the file from that program's open dialog. I still remember that opening a document directly was confusing to me at first.

    > Download a good program and left-click it by habit

    But that's today's habit. My thought experiment was assuming that what we have today never happened, so this habit has never formed.

    > Fundamentally it comes down to understanding the separation of the two kinds of files and why it's important to treat them differently. This requires technically informed users -- the very same flaw as simply displaying file extensions.

    I do believe that users aren't that stupid - you just have to speak their language. File extensions and binary code isn't their language.

    What we need are better metaphors. The ones we have suck. Humans are fantastic at applying metaphors. I'm not a linguist except by interest, so I don't think I can come up with the solution. But I've done enough research to believe that the solution lies somewhere in that direction.

    It'll be a jump, one we can hardly imagine. Like multitouch - it seems so natural and obvious now that we've had it for a while, but 20 years back it wasn't obvious in the least. Gestures? Please. Go back 30 years and try to explain gestures to the C64 home computer crowd. A mouse was revolutionary in those days.

    I believe we will solve this on the user interface design front, and then we'll look back and wonder how we could ever be so stupid.
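
An added example, not part of the thread and not any poster's code: a sketch of the two ideas discussed above, the hidden final extension that makes a program look like a movie, and the "reverse" allowlist where the system only opens content it recognises as non-executable data. The signature table, verdict names and sample files are constructed for illustration, and the signatures are simplified (for instance, RIFF alone does not distinguish AVI from WAV).

```python
import os

# Allowlist: leading bytes of content treated as passive data, with the
# extensions that may legitimately carry it (constructed, simplified table).
DATA_MAGIC = {
    b"%PDF-": {".pdf"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"RIFF": {".avi", ".wav"},
}
DATA_EXTS = set().union(*DATA_MAGIC.values())
# Leading bytes of content that runs as a program (PE, ELF, script shebang).
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")

def displayed_name(filename):
    """Name the user sees when the file manager hides the final extension."""
    return os.path.splitext(filename)[0]

def classify(filename, head):
    """Return (verdict, reason) from the file name and its first bytes."""
    ext = os.path.splitext(filename)[1].lower()
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    if head.startswith(EXEC_MAGIC):
        # A program whose visible or real extension claims to be data.
        for e in (shown_ext, ext):
            if e in DATA_EXTS:
                return "block", "program presented as " + e + " data"
        return "program", "executable content, must be run explicitly"
    for magic, exts in DATA_MAGIC.items():
        if head.startswith(magic):
            if ext in exts:
                return "data", "content matches " + ext
            return "block", "content does not match extension " + (ext or "(none)")
    return "unknown", "not on the data allowlist, never opened automatically"

# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.avi.exe", b"MZ\x90\x00"),
    ("movie.avi", b"MZ\x90\x00"),
    ("setup.exe", b"MZ\x90\x00"),
    ("report.pdf", b"%PDF-1.4\n"),
    ("photo.png", b"\xff\xd8\xff\xe0"),
    ("notes.xyz", b"hello"),
]

def run_samples():
    return [(name, displayed_name(name)) + classify(name, head)
            for name, head in SAMPLES]

if __name__ == "__main__":
    for row in run_samples():
        print("%-16s shown as %-12s -> %-7s %s" % row)
```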
