Comments on: DNSChanger servers get shut down

DNSChanger servers get shut down

Chocolate Pickle — Sat, 07 Jul 2012 13:16:01 -0800

On Monday hundreds of thousands of computers will lose their ability to connect to the Internet.

The servers controlling the DNSChanger malware will be shut down, and without them computers which are still infected will cease to be able to do DNS lookups. Getting rid of it isn't easy, and requires a specific set of tools which would need to be downloaded before Monday. (Or, of course, you could reinstall the OS.)

By: HuronBob

HuronBob — Sat, 07 Jul 2012 13:24:07 -0800

I'm going to buy batteries, it's Y2k all over again!

By: lodurr

lodurr — Sat, 07 Jul 2012 13:30:12 -0800

Work is a Mac shop, and I don't think I've ever had an infection on one of my personal/freelance machines (windows). (Nevertheless, of course I've checked...) Nevertheless I do anticipate having one of my bosses ask me about this on Monday....

By: (Arsenio) Hall and (Warren) Oates

(Arsenio) Hall and (Warren) Oates — Sat, 07 Jul 2012 13:33:58 -0800

Link to determine whether or not your computer is gem dandy.

By: LogicalDash

LogicalDash — Sat, 07 Jul 2012 13:35:29 -0800

Connecting to other computers by IP address (rather than domain name) will still work, if I'm not mistaken. That won't help most people, but perhaps one might work around the problem by using a proxy?

By: caution live frogs

caution live frogs — Sat, 07 Jul 2012 13:37:13 -0800

So... Someone needs to delete the hosts file from these computers, I guess? They are making it sound like a huge deal. It's more like "hey these folks have a bad phone book so instead of giving them a new phone book we are going to disconnect their phones".

By: birdherder

birdherder — Sat, 07 Jul 2012 13:38:22 -0800

I don't understand why instead of just operating as the DNS for all this time, they didn't just redirect all requests to a page with instructions on how to remove it. Because from the media reports I've seen, on Monday if you're infected a page just won't resolve leaving people to figure it out on their own (without the internet). Alos, could the URL they chose to see if you're infected sound any more sketchy? http://www.dns-ok.us/. I mean that sounds like a honey pot for viruses.

By: WaylandSmith

WaylandSmith — Sat, 07 Jul 2012 13:51:22 -0800

By: MikeMc

MikeMc — Sat, 07 Jul 2012 13:53:45 -0800

If I get one more call from a family member about this... My Dad called me today and thought his PC was infected because of some anti-malware software I installed for him. "The guy on the news said "malware" and I see there's malware that you put on my computer so how are you going to fix this." That man should not own a computer.

By: rtha

rtha — Sat, 07 Jul 2012 13:54:52 -0800

Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. (from (Arsenio)'s link) But then they don't explain how you know if you're really uninfected if you can get to the site because your ISP is redirecting. Not helpful.

By: benzenedream

benzenedream — Sat, 07 Jul 2012 13:58:11 -0800

Just go to savemyyahoohomepage.spycleaner.gov.cn.

By: jcreigh

jcreigh — Sat, 07 Jul 2012 14:11:31 -0800

I don't understand why instead of just operating as the DNS for all this time, they didn't just redirect all requests to a page with instructions on how to remove it. Hmm, I'm not sure we want to train users to install random fixes from from they internet when they run across a website that says they're infected with malware. And plus many infections were probably on work computers where the user might not even have the permissions required to do the fix. But yeah, now that there's been plenty of time for most infections to be cleaned up, running it as you suggest for a couple weeks would probably be a better option than just shutting it off.

By: the_artificer

the_artificer — Sat, 07 Jul 2012 14:23:44 -0800

Looks like I'll be hearing from a lot of my relatives next week.

By: Blazecock Pileon

Blazecock Pileon — Sat, 07 Jul 2012 14:37:55 -0800

Hopefully, none of these computers are hooked up to control systems in nuclear power plants. That would lead to a pretty unfortunate case of the Mondays.

By: Thorzdad

Thorzdad — Sat, 07 Jul 2012 14:38:29 -0800

I'm pretty sure the guy on talk radio said this was really part of Obama's secret plan to take over the internet.

By: NotSoSiniSter

NotSoSiniSter — Sat, 07 Jul 2012 14:51:58 -0800

Haha good to know. I go back to work Monday, computer repair. I wonder how many computers I'll get with this virus. :)

By: crunchland

crunchland — Sat, 07 Jul 2012 15:02:57 -0800

How to tell if you are among the infected.

By: the man of twists and turns

the man of twists and turns — Sat, 07 Jul 2012 15:03:38 -0800

Still infected, 300,000 PCs to lose Internet access July 9, Ars Technica.

By: markr

markr — Sat, 07 Jul 2012 15:06:45 -0800

So mac users are still smug eh?

By: Chocolate Pickle

Chocolate Pickle — Sat, 07 Jul 2012 15:15:12 -0800

So mac users are still smug eh? Probably, but they shouldn't be.

By: hippybear

hippybear — Sat, 07 Jul 2012 15:17:55 -0800

Just for the record -- iOS devices != Macs. (For now, anyway...)

By: srboisvert

srboisvert — Sat, 07 Jul 2012 15:21:01 -0800

So mac users are still smug eh? You don't need malware to get a macuser's money.

By: ericb

ericb — Sat, 07 Jul 2012 15:33:05 -0800

Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion.

By: Obscure Reference

Obscure Reference — Sat, 07 Jul 2012 15:33:46 -0800

I think they should have crises like this several time a year! I think it brings people together.

By: ericb

ericb — Sat, 07 Jul 2012 15:34:23 -0800

Malware Found in Apple's iOS App Store.

By: ericb

ericb — Sat, 07 Jul 2012 15:35:40 -0800

Kaspersky detects new Mac OS X malware attacks.

By: ericb

ericb — Sat, 07 Jul 2012 15:39:18 -0800

I'm a Apple Fanboi (Apple TV, iPhone, iPad and MacBook Pro), but still remind friends and family that we still must employ prophylactic measures in today's viral enviornment.

By: IndigoJones

IndigoJones — Sat, 07 Jul 2012 15:58:28 -0800

Their contributions will be sorely missed. Here's hoping you're not my neighbor.

By: Nelson

Nelson — Sat, 07 Jul 2012 16:14:43 -0800

Malware threat could strike Monday despite unprecedented effort by Google, Facebook and others.

Google and Facebook each used different technical methods of determining which users might have the DNSChanger infection ... Google began showing notices to affected users in May; Facebook followed suit last month. ... Google, meanwhile, made arrangements with the consortium so any infected computer that tried to do a Google search would be routed to a special Google address, where they would see a warning about the malware.

I really don't know what else the industry could have done. Maybe convince Microsoft to run a special Update for folks with the bad DNS server? But no, presumably the machines weren't running updates before being infected. My suspicion is the number of machines still infected is overestimated. Although that seems unlikely; if they're running the DNS server they can count the queries, right? Will be interesting to see what happens. At the risk of feeding the MacOS de-rail, here's my MeFi thread in April on FlashBack on Macs.

By: lodurr

lodurr — Sat, 07 Jul 2012 17:29:03 -0800

I'm a mac user at work and I'm anything but smug about malware. But as far as I can tell the fact that we're a Mac shop renders this irrelevant to my office since we have no critical functions running on Windows that have not been installed since this botnet was taken down.

By: ArkhanJG

ArkhanJG — Sat, 07 Jul 2012 17:29:54 -0800

Apple only support the current and previous version of OSX with security updates. Which means that when mountain lion (10.8) comes out very soon, only that and lion (10.7) will get patches. So if you are still running snow leopard - which was last sold in July 2011 - and don't buy the paid upgrade to lion, no patches for you after that. Assuming 10.8 comes out in october, that's going to be a grand total of 14 months of patches since snow leopard (10.6) was last sold, or just over 3 years since it was launched. Not all macs will run Lion; snow leopard was the last version to support 32 bit core duos for example; and lion ended rosetta support, i.e. any apps with ppc code still in them (such as CS5 photoshop and fireworks did when lion came out) stopped working. XP was launched in 2001. Patch support for it ends april 2014. So 13 years of security patches from launch; last sold in 2008, so that's 6 years of free patches vs 14 months from apple since end-of-lifed. And of course, if you'd actually been applying those windows patches through the automatic update system you have to intentionally turn off and ignore the warnings, you wouldn't have been vulnerable to dnschanger in the first place. Of course, flashback wouldn't have even been a problem on osx in the first place if apple hadn't dragged their feet for literally months on rolling out the upstream patches from oracle for apple's included version of java. As it was, only snow leopard and lion got the fix - some weeks after the infection was widespread - in line with apple's current and previous version support. Leopard (10.5) did belatedly get the update, the only patches it has had since Lion was released; and even then, it didn't run on powerpc systems running leopard. So don't be too smug about running OSX re: security. Unless you don't mind having all updates and security patches stopped for your OS just over a year after it came off the shelf and having to buy the paid upgrade, assuming your computer will even run it.

By: lodurr

lodurr — Sat, 07 Jul 2012 17:36:03 -0800

alright, I'm going to resist the temptation to derail hard on apple's grand migration to a shameless planned obsolescence policy and just say: yes, I'm aware of all that, and it's annoying as hell.

By: ArkhanJG

ArkhanJG — Sat, 07 Jul 2012 17:38:41 -0800

Hmm, I see mountain lion is actually scheduled for july, and rumour has it on july 25th, a year after lion to the day. So only 12 months worth of patches since snow leopard was withdrawn from sale, not 14. If you're still on snow leopard, time to upgrade to lion, you've only a couple of weeks left before your OS gets end-of-lifed. Since you can't upgrade direct to mountain lion, you'll have to buy and install lion from the app store first even if you do want to jump forward to mountain lion. (assuming your mac will run it; my core 2 duo mini is stuck with lion). Good thing I forced my boss to upgrade to Lion last week - he was really hanging onto snow leopard and his mobile.me sync, didn't realise end-of-life was even closer than I thought.

By: ArkhanJG

ArkhanJG — Sat, 07 Jul 2012 17:40:09 -0800

Sorry lodurr, my comment wasn't directed at you (I didn't preview I'm afraid) - I was writing it to actually smug comments further up.

By: Mezentian

Mezentian — Sat, 07 Jul 2012 18:00:22 -0800

Like so many people, I am not looking forward to work on Monday. The idiot ratio is high, the Windows ratio higher, the IT department are contractors. (Ubuntu ~~4 Lyfe~~ Until It Gets Really Annoying. Which, to be fair, is getting closer.) I had barely heard about this somehow, so I this thread may also have saved me a headache.

By: obiwanwasabi

obiwanwasabi — Sat, 07 Jul 2012 18:06:18 -0800

"Daddy, why are the typhoid-infected, ebola-carrying lepers pointing at you and laughing?" "They heard I might maybe possibly catch a cold if I'm not reasonably careful." "Can I have a bite of your apple, Daddy?" "Did you think I was going to make you eat glass, son?"

By: cashman

cashman — Sat, 07 Jul 2012 18:10:03 -0800

Man. A few people need to come down off the high horse.

By: windykites

windykites — Sat, 07 Jul 2012 18:10:08 -0800

I'm glad this thread showed up. I saw some sort of warning about this problem, but I assumed it was a hyperbolic scam. Dire warnings of tons of computers going offline and it can only be stopped by visiting a website are not usually even worth looking into.

By: RichardP

RichardP — Sat, 07 Jul 2012 18:17:07 -0800

If you're still on snow leopard, time to upgrade to lion, you've only a couple of weeks left before your OS gets end-of-lifed. Since you can't upgrade direct to mountain lion, you'll have to buy and install lion from the app store first even if you do want to jump forward to mountain lion. This is not true, according to Apple, anyone running the latest version of Snow Leopard (OS X 10.6.8) will be able to upgrade directly to Mountain Lion.

By: quonsar II: smock fishpants and the temple of foon

quonsar II: smock fishpants and the temple of foon — Sat, 07 Jul 2012 18:21:45 -0800

On Monday hundreds of thousands of computers will lose their ability to connect to the Internet. good riddance.

By: Chocolate Pickle

Chocolate Pickle — Sat, 07 Jul 2012 18:23:13 -0800

I'll look forward to reading all the combat reports here Monday evening!

By: d. z. wang

d. z. wang — Sat, 07 Jul 2012 18:39:19 -0800

So the authors of DNSChanger wrote software that cracked millions of computers running different configurations of different patch states of different versions of Windows on different hardware, and maintained a farm of malicious DNS servers capable of handling the queries from all those machines, all toward the end goal of fraudulently driving up some ad impression counts? This is the same feeling I got when someone explained to me that MapReduce was invented to show us more relevant ads. At this rate, if we ever make it back to the moon, it'll be to generate buzz for some limited-edition NASA bobble-head dolls. I'm trying to find a term to describe how I feel right now, and bathos isn't quite cutting it. This is like the anti-banality of evil. Instead of making horrible things acceptable, we're making awesome, fantastic things mundane.

By: ChuraChura

ChuraChura — Sat, 07 Jul 2012 18:49:26 -0800

Yeah, how dare people who aren't as tech-literate as you use computers.

By: MikeMc

MikeMc — Sat, 07 Jul 2012 19:20:28 -0800

Yeah, how dare people who aren't as tech-literate as you use computers. Spend some time doing family tech support for my parents and get back to me. Mom: I have no sound. Me: Is everything plugged in? Power? Is the green plug inserted into the green jack on the back of the computer? Mom: Yes. Me: Double check, I'll wait. [waits] Mom: Everything is plugged in, no sound. [40 minutes of possible fixes later] Mom: Still no sound. Me: Don't know what to tell you, maybe you need new speakers. [3 days later] Mom: I have sound again. Me: What happened? Mom: The power cord for the speakers wasn't plugged in. Me: [Facepalm] You said you checked that! Mom: I was sure it was plugged in. And on and on and on...

By: not_that_epiphanius

not_that_epiphanius — Sat, 07 Jul 2012 19:44:22 -0800

according to Apple, anyone running the latest version of Snow Leopard (OS X 10.6.8) will be able to upgrade directly to Mountain Lion. Not according to that link: "Step 1: Make sure your Mac can run Mountain Lion. Your Mac must be one of the following models:" (my Mac is not one of them, and runs Snow Leopard, and Lion, fine).

By: cmyk

cmyk — Sat, 07 Jul 2012 20:13:03 -0800

I used to have a friend who was a panicky sort of computer illiterate, compounded by the unfortunate fact that he Never Needed To Be Taught Anything Ever, because he already knew how everything worked. Perfectly. He did not appreciate anyone assuming he was stupid and trying to tell him things; that was a horrible offense. I fixed his computer a lot. And then his boyfriend's, and his cousin's, and had we not severed contact I probably would have been tech support for his entire (large) family. I don't know why, but it was okay for me to fix a problem as long as I did not explain how I did it. It was very funny, sometimes, to manufacture a 'crisis' that could be easily solved. Fridge magnets in front of the CRT monitor. Flipping the voltage switch on the power supply to sit bang in the middle so nothing worked. Setting the laptop to automatically log-out any other device that logged into email and IM. The panicked phone calls (and, later, text messages) were completely golden, and because he never wanted to know how I worked the computer voodoo (it being beneath him, or whatever), he never suspected I was behind it. "Dude, I have no idea, you just have bad luck. And you watch too much porn."

By: w0mbat

w0mbat — Sat, 07 Jul 2012 20:13:55 -0800

By: krinklyfig

krinklyfig — Sat, 07 Jul 2012 20:22:35 -0800

Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion. Wow! They give you a mountain lion for protection! I don't know if it will work, but that's way cool ... ... What?

By: andendau

andendau — Sat, 07 Jul 2012 21:47:40 -0800

I feel sorry for the possibly massive amount of ordinary folks that have computers that will mysteriously stop working for them. No one wants to spring for computer repair and there are so many services that are only accessible through the internet. .

By: dirigibleman

dirigibleman — Sat, 07 Jul 2012 21:51:50 -0800

The FBI handled this in a remarkably stupid way, just temporarily hiding the problem.. They should have made their replacement DNS servers redirect Google .com to a FBI website that told them they were infected and how to fix it. On the other hand, as others have pointed out, do we really want people to listen to what some random web site tells them about their computers? (Your computer is broadcasting your IP address!)

By: russm

russm — Sat, 07 Jul 2012 23:22:42 -0800

according to Apple, anyone running the latest version of Snow Leopard (OS X 10.6.8) will be able to upgrade directly to Mountain Lion.
Not according to that link:
I don't think he meant that any machine that runs 10.6 will also run 10.8, but was responding to ArkhanJG's assertion that you can't upgrade from 10.6 to 10.8 without going via. 10.7.

By: vsync

vsync — Sun, 08 Jul 2012 00:20:22 -0800

lose their ability to connect to the Internet

No, they will have to select other nameservers. Oh and your linked article misspelled "Web site". Hardly an authority.

By: vsync

vsync — Sun, 08 Jul 2012 00:21:00 -0800

dirigibleman, centipedes?! In my vagina?!

By: deborah

deborah — Sun, 08 Jul 2012 00:27:05 -0800

It's dangerous out there, take this.

By: BiggerJ

BiggerJ — Sun, 08 Jul 2012 00:37:12 -0800

I went to a government website that automatically told me that I wasn't infected, but also said that it might be a false positive. The manual instructions told me to use ipconfig, which revealed that my DNS server connection is handled router-side, and therefore, that I might still be infected. Being unable to find my router's manual in order to access its settings, I looked up the instructions online and finally discovered that I was not infected. I am not among the hapless masses who would have given up partway through. I feel good about myself.

By: Mokusatsu

Mokusatsu — Sun, 08 Jul 2012 01:23:19 -0800

If the authorities now running the network have the ability to re-route traffic, why not re-route everyone to a page announcing that they have the virus and providing the link to fix it?

By: kaibutsu

kaibutsu — Sun, 08 Jul 2012 03:46:25 -0800

Like a million web browsers crying out, and then... silence...

By: lodurr

lodurr — Sun, 08 Jul 2012 04:51:02 -0800

Oh and your linked article misspelled "Web site". Hardly an authority. The world does not live or die according to the NYT style guide. If it did, for example, we'd all be spelling "website" the way you do, instead of the way that the rest of the web has been spelling it since 1996.

By: Gungho

Gungho — Sun, 08 Jul 2012 05:20:49 -0800

So mac users are still smug eh? Probably, but they shouldn't be. posted by Chocolate Pickle at 6:15 PM on July 7 [3 favorites +] [!] Macs have had three or four incidents since January of this year. Windows had 1,017,208 new malware attacks in the first half of 2010 alone.

By: Secret Life of Gravy

Secret Life of Gravy — Sun, 08 Jul 2012 06:43:25 -0800

I am trying to think of another piece of technology introduced to the masses that is so complicated and so vulnerable to attack. Sure early cars were finicky and required the ability to master the basics of running and maintaining the equipment but they weren't easily disabled or even ruined by random strangers for no reason.

By: crunchland

crunchland — Sun, 08 Jul 2012 07:13:01 -0800

Most people don't have a clue how the engine in their car works, and it's equally vulnerable to being attacked. It's just hard to do it as effectively and anonymously as a poison pill over the internet.

By: Secret Life of Gravy

Secret Life of Gravy — Sun, 08 Jul 2012 07:43:53 -0800

Of course most people don't know how their car works but other than filling it with gas and pushing a few buttons and depressing the gas pedal you don't need to know how your car (TV, lawn mower, air conditioner, refrigerator) works. We are not at that level of user-friendly computers yet and I question that we will ever be. And yes, I did think about strangers filling your car's gas tank with sugar or swiping your distributor cap but one bad guy can't disable tens of thousands of cars just for fun. Plus you can lock your car up in a garage and keep it safe in between drives but keeping your computer safe requires more effort and more knowledge.

By: ericb

ericb — Sun, 08 Jul 2012 08:07:18 -0800

Hackers steal BMWs in 3 minutes using security loophole.

By: ersatz

ersatz — Sun, 08 Jul 2012 08:25:58 -0800

I think it's a tragedy that 100's of thousands of people who have not installed any patches or security updates to windows over the last several years will have their ability to connect to the internet impaired until someone knowledgable does maintenance on them. Their contributions will be sorely missed. God forbid someone who has lived most of their life without bothering with computers, a writer, a woodworker, a classical musician or a traditional farmer might have something worthwhile to say. I'm so disappointed so many people marked that as a favourite.

By: heathkit

heathkit — Sun, 08 Jul 2012 08:36:57 -0800

Connecting to other computers by IP address (rather than domain name) will still work, if I'm not mistaken. That won't help most people, but perhaps one might work around the problem by using a proxy? In situations like this, I fall back on what I call "DNS-over-Pete". I phone up my friend Pete and ask him to ping the host I'm interested in and tell me the IP.

By: jcreigh

jcreigh — Sun, 08 Jul 2012 09:22:05 -0800

Pro-tip: Google runs public-facing DNS servers at 8.8.8.8 and 8.8.4.4 Easy to remember if you want to ping something on the public internet without doing a DNS lookup, or to use as a DNS server if something is wonky with your ISP's servers.

By: Blazecock Pileon

Blazecock Pileon — Sun, 08 Jul 2012 14:02:33 -0800

If the authorities now running the network have the ability to re-route traffic, why not re-route everyone to a page announcing that they have the virus and providing the link to fix it? It's kind of like living before the time of antibiotics and not wanting to run up and vigorously shake the hand of every leper you meet. You don't know where else they've been. Actually, that's a pretty good question.

By: Reverend John

Reverend John — Sun, 08 Jul 2012 22:25:41 -0800

Errr... so what does it mean that www.dns-ok.us is coming up "server not found" for me, but downforeveryoneorjustme.com reports it as up, BUT the other detection sites listed at http://www.dcwg.org/detect/ show me as unaffected by DNSChanger, and the dns servers listed for my computer and my router are not on the list of malicious servers? Am I OK? Why can't I reach www.dns-ok.us?

By: Reverend John

Reverend John — Sun, 08 Jul 2012 22:48:13 -0800

Eh, guess I'd already be screwed actually! Freaked me out for a minute there, though.

By: Mezentian

Mezentian — Sun, 08 Jul 2012 23:57:49 -0800

www.dns-ok.us was down about an hour or two ago on my partner's machine. Seems to be working now, for me. Of course, in a whim I tried dns-changer.eu and my "DNS Settings are manipulated!" but the AU.gov website says "This temporary solution was switched off at 2pm AEST on 9 July 2012". So, these tools are... not reliable.

By: crunchland

crunchland — Mon, 09 Jul 2012 12:35:54 -0800

DNSChanger apocalypse: Like Y2K, but even snoozier : "We haven't seen a single report" of someone losing Internet access, said Johannes Ullrich, chief research officer at the SANS Institute. "It's all hype. There's really nothing happening."

By: WaylandSmith

WaylandSmith — Mon, 09 Jul 2012 16:06:48 -0800

Just to clarify my snarkey comment here, the "contributions" I was referring to were the "contributions" that their unprotected, infected computers were making to various botnets and malware out there. It seems a few people assumed I was referring to their potential creative contributions. I feel that those "contributions" are the responsibility of the owner of the computer and my understanding is by simply having automatic updates turned on for Windows, this problem would not have affected you, so I hardly think that "not being a computer expert" is an excuse. If you have a car on the road and you don't maintain it, you're still liable if it loses a wheel and damages someone else's car. "I'm not a mechanic" is not an excuse. When the DNS servers turn off, they will be forced to have their computer serviced so that it is fit to be on the internet.

By: caution live frogs

caution live frogs — Wed, 11 Jul 2012 09:57:18 -0800

ArkhanJG: "lion ended rosetta support, i.e. any apps with ppc code still in them (such as CS5 photoshop and fireworks did when lion came out) stopped working." I'm running Lion. Photoshop CS4 works fine. I don't know what you are talking about unless you meant to say CS3 or something?