back to article Feds apply for DNSChanger safety net extension

Federal authorities have applied for permission to extend the operation of a safety net that allows machines infected by the DNSChanger Trojan to surf the net as normal beyond a 8 March deadline. DNSChanger changed an infected system's domain name system (DNS) settings to point towards rogue servers that hijacked web searches …

COMMENTS

This topic is closed for new posts.
  1. Paul Hovnanian Silver badge
    Meh

    Why a complete shutdown?

    Just start toggling the surrogate DNS servers to redirect to a warning site for a few minutes a day. Most users will just find this a nuisance and delay getting their systems fixed. So then increase the duration of the redirection slowly until it becomes a major pain. If some lazy morons refuse to clean up their machines, they can live with an Internet that works for maybe an hour a day.

  2. Dick Emery
    WTF?

    WHY?????????????

    That's just stupid. Let the damned things die. When they can't connect to the internet anymore maybe just maybe they will pull their fingers out and FIX their infected machines! I cannot believe how stupid these people are who come up with this crap.

    1. Anonymous Coward
      Anonymous Coward

      Re: WHY?????????????

      And how will they fix their machines if they can't access the internet?

      1. Peter Mc Aulay
        FAIL

        Re: how will they fix their machines?

        They take it back to to the shop and pay the ignorance tax, just like in the old days.

  3. Anonymous Coward
    Anonymous Coward

    Redirect all sites

    Force all names to resolve to one set of servers. Make them serve pages that say "your computer is infected. It is being used for illegal activity. Get it fixed before we kick in your door. Love - DHS".

    Or just redirect everything to goatse.

    1. pcsupport
      WTF?

      Re: Redirect all sites

      Goatse? You are one sick person...

  4. Steve Evans

    So...

    Turning off the replacement DNS servers will prevent the infected (and unprotected) machines from resolving any URLs... Therefore protecting them from hurting themselves further, or sending more spam.

    Sounds like a win win for the rest of the intarweb. Pull the plug!

  5. Mike 16

    RE: Redirect all sites

    Exactly how is a person who has been fairly clueless for 120 days meant to distinguish that particular infect threat from the other dozen or so per day?

    It's like my bank, who send me notices indistinguishable from phishing attempts, and can't understand why I don;t want to sign up for online banking.

  6. Chris King
    Boffin

    Stop messing about and get these machines properly cleaned up !

    I remember when DNS changer trojans first hit my campus... I sent out warnings to people telling them that their machines were infected, and that they need to sort themselves out pronto. Typical responses (from those that replied):

    "Why should I bother ? My machine appears to be working at the moment !"

    "What's it to you if I use different DNS servers ?"

    "No, I think you'll find that YOUR DNS servers are infected" - that was from a computer science student who thought OpenBSD was prone to viruses just like Windows *facepalm*.

    Okay, I've tried to be reasonable about this, time to break stuff... I reprogrammed the firewalls to only allow outbound DNS requests from the official campus servers, and a few staff workstations for testing/diagnostic purposes. OpenDNS was also allowed, as some folks were using this legitimately.

    It's funny how people sat up and started paying attention when their internets suddenly broke.

    Helpdesk was instructed on how to check which DNS servers were being used, anyone not using the normal servers for their part of campus (or OpenDNS) had to get their machine checked over and/or rebuilt.

    Leaving all those infected machines unfixed for so long isn't doing anybody any favours, least of all the affected users. Trojans enjoy company, and you can bet quite a few of those machines will be riddled with other nasties.

  7. Kevin McMurtrie Silver badge
    Terminator

    Kill them

    March 8th should be payback for all the damage that unmaintained computers are doing. Buy a computer that you can maintain or don't plug it in to the rest of the world.

  8. Tony Paulazzo
    Mushroom

    >The alleged ringleader of the group, Vladimir Tsastsin, and another suspect have been already cleared for extradition to the US. Baltic Business News reports that local courts approved the extradition of the four remaining suspects last week.<

    Eh? Why are they being tried in America? were no British or Estonian or Chinese PCs infected? When did the USA become 'judge, jury & executioner' for the entire world? Must've missed that memo.

    (well done on taking down the botnet tho')

    1. BMor
      Meh

      While I'm not a lawyer, I believe it may be because a majority of their companies that were not Estonian, Ukranian, or Russian, were based out of New York City and California, and they rented their server space in NYC.

  9. Jon Lawrence
    FAIL

    Just switch the fucking things off.

    They've had plenty of time to sort their machines. Just switch the damn DNSchanger servers off.

This topic is closed for new posts.

Other stories you might like