Federal authorities have applied for permission to extend the operation of a safety net that allows machines infected by the DNSChanger Trojan to surf the net as normal beyond an 8 March deadline. DNSChanger changed an infected system's domain name system (DNS) settings to point towards rogue servers that hijacked web searches …
Why a complete shutdown?
Just start toggling the surrogate DNS servers to redirect to a warning site for a few minutes a day. Most users will just find this a nuisance and delay getting their systems fixed. So then increase the duration of the redirection slowly until it becomes a major pain. If some lazy morons refuse to clean up their machines, they can live with an Internet that works for maybe an hour a day.
That's just stupid. Let the damned things die. When they can't connect to the internet anymore maybe just maybe they will pull their fingers out and FIX their infected machines! I cannot believe how stupid these people are who come up with this crap.
And how will they fix their machines if they can't access the internet?
Re: how will they fix their machines?
They take it back to the shop and pay the ignorance tax, just like in the old days.
Redirect all sites
Force all names to resolve to one set of servers. Make them serve pages that say "your computer is infected. It is being used for illegal activity. Get it fixed before we kick in your door. Love - DHS".
Or just redirect everything to goatse.
Re: Redirect all sites
Goatse? You are one sick person...
Turning off the replacement DNS servers will prevent the infected (and unprotected) machines from resolving any URLs... Therefore protecting them from hurting themselves further, or sending more spam.
Sounds like a win win for the rest of the intarweb. Pull the plug!
RE: Redirect all sites
Exactly how is a person who has been fairly clueless for 120 days meant to distinguish that particular infection threat from the other dozen or so per day?
It's like my bank, who send me notices indistinguishable from phishing attempts, and can't understand why I don't want to sign up for online banking.
Stop messing about and get these machines properly cleaned up!
I remember when DNS changer trojans first hit my campus... I sent out warnings to people telling them that their machines were infected, and that they need to sort themselves out pronto. Typical responses (from those that replied):
"Why should I bother? My machine appears to be working at the moment!"
"What's it to you if I use different DNS servers?"
"No, I think you'll find that YOUR DNS servers are infected" - that was from a computer science student who thought OpenBSD was prone to viruses just like Windows *facepalm*.
Okay, I've tried to be reasonable about this, time to break stuff... I reprogrammed the firewalls to only allow outbound DNS requests from the official campus servers, and a few staff workstations for testing/diagnostic purposes. OpenDNS was also allowed, as some folks were using this legitimately.
It's funny how people sat up and started paying attention when their internets suddenly broke.
Helpdesk was instructed on how to check which DNS servers were being used, anyone not using the normal servers for their part of campus (or OpenDNS) had to get their machine checked over and/or rebuilt.
Leaving all those infected machines unfixed for so long isn't doing anybody any favours, least of all the affected users. Trojans enjoy company, and you can bet quite a few of those machines will be riddled with other nasties.
March 8th should be payback for all the damage that unmaintained computers are doing. Buy a computer that you can maintain or don't plug it in to the rest of the world.
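The resolver check the helpdesk procedure above relies on, written as an added example that is not part of the original post: it reads resolv.conf-style text and flags any configured resolver outside an allowlist. The campus resolver subnet and the sample file are constructed; the two OpenDNS addresses are assumed to be that service's public resolvers.

```python
"""Flag hosts whose configured DNS resolvers are not on the approved list.

Added example, not code from the original thread. The campus subnet and the
sample resolv.conf below are constructed; the OpenDNS addresses are assumed.
"""
import ipaddress
import re

# Approved resolvers: a hypothetical campus DNS subnet plus OpenDNS,
# mirroring the policy described in the post (campus servers or OpenDNS).
ALLOWED_RESOLVERS = [
    ipaddress.ip_network("10.10.0.0/24"),       # constructed campus DNS subnet
    ipaddress.ip_network("208.67.222.222/32"),  # OpenDNS (assumed public resolver)
    ipaddress.ip_network("208.67.220.220/32"),  # OpenDNS (assumed public resolver)
]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_nameservers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    return NAMESERVER_RE.findall(resolv_conf)


def is_allowed(server: str) -> bool:
    """True if the address falls inside one of the approved resolver networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # unparsable entries are treated as suspicious
    return any(addr in net for net in ALLOWED_RESOLVERS)


def unapproved_resolvers(resolv_conf: str) -> list:
    """List every configured resolver that is not on the allowlist."""
    return [s for s in parse_nameservers(resolv_conf) if not is_allowed(s)]


# Constructed sample: one campus resolver, one OpenDNS resolver, one unknown.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager
nameserver 10.10.0.53
nameserver 208.67.222.222
nameserver 192.0.2.99
"""

if __name__ == "__main__":
    for server in unapproved_resolvers(SAMPLE_RESOLV_CONF):
        print(f"resolver {server} is not an approved campus or OpenDNS server")
```

On a real host the same functions can be fed the contents of /etc/resolv.conf; any address reported is a machine for the helpdesk to check over.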
>The alleged ringleader of the group, Vladimir Tsastsin, and another suspect have been already cleared for extradition to the US. Baltic Business News reports that local courts approved the extradition of the four remaining suspects last week.<
Eh? Why are they being tried in America? Were no British or Estonian or Chinese PCs infected? When did the USA become 'judge, jury & executioner' for the entire world? Must've missed that memo.
(well done on taking down the botnet tho')
While I'm not a lawyer, I believe it may be because a majority of their companies that were not Estonian, Ukrainian, or Russian, were based out of New York City and California, and they rented their server space in NYC.
Just switch the fucking things off.
They've had plenty of time to sort their machines. Just switch the damn DNSchanger servers off.