NNSquad - Network Neutrality Squad


[ NNSquad ] A Reminder About the "DNS Changer" Trojan

There's been a lot in the news today about the "DNS Changer" trojan,
still likely affecting vast numbers of PCs and Macs.  With the renewed
push to remind users what's at stake, I wanted to very quickly provide
a recap and a list of useful resources regarding this important issue.

DNS Trojan has been around for approaching five years or so, but last
November a massive effort by the FBI and others resulted in a number
of arrests and the seizure of associated server systems.

At its peak, perhaps an estimated 14 million computers were involved.

What's particularly insidious about this situation is that users'
systems could be infected with DNS Trojan for long periods, which
resulted in their Internet activity being diverted through compromised
DNS servers and opening up vulnerabilities to even more infections,
without users even being aware of what was happening.

When the related server systems were seized, it created a quandary.
If the servers were simply disconnected, all user systems currently
infected with the trojan would no longer resolve Internet domain names
to addresses, and would for all practical purposes be "cut off" from
the Internet.

While it is relatively straightforward to solve this situation if you
know the procedure and have the necessary information, fixing this is
not something that is obvious to most users.

So it was arranged for "clean" DNS servers to temporarily replace the
nasty ones, originally until last month, and then extended to July 9.
This kept users with contaminated systems from losing most Internet
connectivity, but didn't actually remove the trojan, either.

So barring another court extension, systems that are still infected
with DNS Changer that have not cleaned out the Trojan and repaired
their DNS systems are going to lose their address resolving
capabilities on July 9, and that means they won't be accessing any
websites in normal manners.

It is important to verify that your systems, both PC and Mac, are free
of DNS Changer as soon as possible.  Don't wait for the deadline!

Here are some useful resources to help with this:

A good overview article from "PC World" provides a lot of background
information and additional links: http://j.mp/JC1MiA

The "DNS Changer Check-Up" site will give a quick "green" or "red"
status on your system, though it is not guaranteed to be 100% accurate
since ISP-based actions to deal with this situation may fool this
test: http://j.mp/JC27Si

The official FBI page explaining the Trojan and more details regarding
what was known as "Operation Ghost Click" is also definitely worth
visiting: http://j.mp/JC1UP6

The important thing to remember is that while you have a couple of
months before the actual shutdown that will affect infected systems,
you should act now to make sure your systems are clear of DNS Changer,
and avoid being unpleasantly surprised down the line.

If you have any additional questions, please drop me an email and of
course I'll try to be of assistance.

Take care, all.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com