The DNSChanger Working Group's replacement DNS servers were taken offline as scheduled on Monday, 9 July. However, rather than leaving an estimated 300,000 machines without internet services, it seems that many ISPs have configured their own substitute DNS servers, so that at least some pox-ridden machines still have a safety net …
If it was up to me...
...I'd keep the DNS servers, for a limited period of time, up but redirect all requests to a page giving instructions on how to fix the problem. I see no reason to support infected machines indefinitely.
Re: If it was up to me...
Should have done this from Day One. In any case, I still cannot subscribe to the idea of putting in resources to keep infected machines operable. The sooner they "break" the sooner they'll be fixed.
Paris, long broken
Re: If it was up to me...
I think you are right, the FBI shouldn't have even bothered in the first place.
"The sooner they break the sooner they get fixed"
Some in Corporate news are reporting this as a false flag attack!
What a joke.
The MSM doesn't report TCP/IP correctly -- ever.
For the PARANOID IDIOTS who actually are affected/infected.
1. REMOVE THE WORM OFF YOUR BOXEN
Use whatever method you want, I like D7 myself.
2. CALL YOUR ISP AND GET YOUR PRIMARY AND SECONDARY DNS, GO TO NETWORK SETTINGS AND TYPE THEM IN.
Now you aren't using the FBI's DNS Server.
I know that's hard for you all to understand, especially with all the misinformation
( Where misinformation = http://www.google.com/search?q=DNS+changer+false+flag )
by the media.
Re: Some in Corporate news are reporting this as a false flag attack!
You appear to be confusing The Media with a few Internet conspiracy kooks.
I stand corrected Chris3
Damn. You're right, what was I thinking.
Except, while looking closely, the information appears to be based on videos by local TV stations
Anyway, you are right I wasn't sure if I should have stated it
Where You =
Where Misinformation =
The truth is I didn't want to point at specific websites, because some of them have legit arguments of other topics on them.
Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why?
With all the publicity, if the idiots can't be bothered to sort themselves out let 'em burn.
1. Last week I heard countless media stories completely misreporting this, that "all of these computers would lose their connection to the internet". !!?!?!?!?!? OH NOOOEEEESS?!?!?!?!?!?
2. For as many ISPs that would like to do the right thing and keep granny's infected box running, you'd think that Microsoft, or Dell, or HP, would buy up the IP addresses and redirect everyone to a page telling them that their computer was broken and to buy a new one ASAP!?!?! I bet they spend a lot more money shifting 300,000 PCs, this would be cheap advertising.
I completely agree that if those things aren't fixed by now then screw 'em. If all of this crap reporting hasn't triggered people into doing something then it is pretty unlikely that they're going to wake up with a clue at this point.
Re: two things
"keep granny's infected box running"
not really the users they care about
It seems they're not doing this to support the poor dear users who won't be able to use facebook, but because the ISPs don't want to handle the support calls.
Re: not really the users they care about
Why should the ISP be on the hook for cleaning up someone's virus-ridden POS anyhow?
Re: Re: not really the users they care about
No one said that the ISP is on the hook. But that won't stop users from calling them anyway.
Taper them off
They know the IPs of the infected users so why not have each ISP cut off a few people each day (just have a shell script that adds 10-15 addresses to the firewall each day) then deal with the calls of people that no longer have a connection. Tech support will not be overwhelmed if done properly and they will no longer have to run these servers. Done right, it will be very painless and the most they'd need is one more Support Drone for a couple months.
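The staged cut-off proposed in the comment above, sketched as a dry-run shell script. This is an added example, not part of any poster's comment; the file names, the batch size and the iptables rule are assumptions, and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added illustration, not from the thread: stage the cut-off in daily batches.
# File names, batch size and the FORWARD/REJECT rule are assumptions.

# next_batch INFECTED BLOCKED N
# Print up to N addresses from INFECTED that are not yet listed in BLOCKED.
next_batch() {
    [ -f "$2" ] || : > "$2"
    awk -v n="$3" '
        FILENAME == ARGV[1] { done[$0] = 1; next }      # already cut off
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }     # skip comments and junk
        c < n && !done[$0]++ { print; c++ }              # new address, batch not full
    ' "$2" "$1"
}

# stage_batch INFECTED BLOCKED N
# Dry run: print one firewall command per address in today's batch and
# record each address in BLOCKED so the next run moves on to the rest.
stage_batch() {
    batch=$(next_batch "$1" "$2" "$3")
    for ip in $batch; do
        printf 'iptables -I FORWARD -s %s -j REJECT\n' "$ip"
        printf '%s\n' "$ip" >> "$2"
    done
}

# remaining INFECTED BLOCKED: number of valid addresses still to be cut off.
remaining() {
    next_batch "$1" "$2" 1000000 | wc -l | tr -d ' '
}

# Constructed sample list (documentation address ranges), three daily runs.
demo_dir=$(mktemp -d)
cat > "$demo_dir/infected.txt" <<'EOF'
# resolver-log extract (constructed)
198.51.100.7
198.51.100.23
203.0.113.5
198.51.100.7
203.0.113.80
EOF
for day in 1 2 3; do
    echo "day $day:"
    stage_batch "$demo_dir/infected.txt" "$demo_dir/blocked.txt" 2
done
rm -rf "$demo_dir"
```

Because the commands are only printed, the output can be reviewed before anything reaches a firewall; the blocked file is the only state carried from one day to the next.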
Shut down, turn off
Find the box it came in
>>3 support calls?
Seriously? 3? A whole THREE support calls. Geez. Not three hundred, or three thousand, but three?
What doesn't appear broken never gets fixed
Sigh.... while I can understand wanting to "help" customers by making sure they have access.... these machines are likely ridden with other spy/malware and the user is likely completely unaware "because everything works as normal".
If the ISPs really wanted to help, offer tech support calls who'll come and try and fix the infection for you. Yeah right, and then get sued because someone's photos no longer open or something absurd like that. I know :(
I think the biggest problem to overcome is people who don't understand what the problem is. So the temporary DNS servers get switched off and they can no longer resolve hostnames. How many will just assume it's another virus and buy something like Norton, or just ignore it? Their ISP may well email them to say what to do, but those are very easy to spoof judging by all the spam "your mailbox has exceeded its limits" emails I get. El Reg obviously has quite a technically aware audience but I know some people think everything hangs off Google and even type URLs into the search box. Trying to explain the vagaries of DNS and DHCP to them can be very difficult. Personally I'd write to infected customers using ye olde paper letters complete with illustrated step-by-step instructions on how to find and fix the problem, and then have a helpline number if they get stuck.
My wife types URLs in the Google box.... she knows she shouldn't/doesn't need to but she does it because that's where the cursor is to start with...
Interestingly I found this means she hardly ever manages to typo a URL as Google will suggest the correct one pretty swiftly, and they do at least "try" and filter out bad pages too :)
Probably better to not prolong the problem
IMO it would be better to fix the contaminated PCs now.