The DNSChanger Working Group's replacement DNS servers were taken offline as scheduled on Monday, 9 July. However, rather than leaving an estimated 300,000 machines without internet services it seems that many ISP have configured their own substitute DNS servers, so that at least some pox-ridden machines still have a safety …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 9th July 2012 17:17 GMT ed2020

If it was up to me...

...I'd keep the DNS servers, for a limited period of time, up but redirect all requests to a page giving instructions on how to fix the problem. I see no reason to support infected machines indefinitely.

21 1
1. Monday 9th July 2012 18:11 GMT Alan W. Rateliff, II
  
  Re: If it was up to me...
  
  Should have done this from Day One. In any case, I still cannot subscribe to the idea of putting in resources to keep infected machines operable. The sooner they "break" the sooner they'll be fixed.
  
  Paris, long broken
  
  3 1
  1. Monday 9th July 2012 18:45 GMT Anonymous Coward
    
    Re: If it was up to me...
    
    I think you are right, the FBI shouldn't have even bothered in the first place.
    
    "The sooner they break the sooner they get fixed"
    
    EXACTLY!
    
    3 1
Monday 9th July 2012 18:17 GMT Anonymous Coward

Some in Corporate news are reporting this as a false flag attack!

What a joke.

The MSM doesn't report TCPIP correctly -- ever.

For the PARANOID IDIOTS who actually are effected/infected.

1. REMOVE THE WORM OFF YOUR BOXEN

Use whatever method you want, I like D7 myself.

2. CALL YOUR ISP AND GET YOUR PRIMARY AND SECONDARY DNS, GO TO NETWORK SETTINGS AND TYPE THEM IN.

Now you aren't using the FBI's DNS Server.

I know that's hard for you all to understand, especially with all the misinformation

( Where misinformation = http://www.google.com/search?q=DNS+changer+false+flag )

by the media.

1 5
1. Monday 9th July 2012 18:24 GMT Chris 3
  
  Re: Some in Corporate news are reporting this as a false flag attack!
  
  You appear to be confusing The Media with a few Internet conspiracy kooks.
  
  0 0
Monday 9th July 2012 18:35 GMT Anonymous Coward

I stand corrected Chris3

Damn. Your right, what was I thinking.

Except, while looking closely, the information appears to be based on videos by local TV stations

Anyway, you are right I wasn't sure if I should have stated it

Where You =

instead of

Where Misinformation =

The truth is I didn't want to point at specific websites, because some of them have legit arguments of other topics on them.

0 0
Monday 9th July 2012 19:24 GMT Will Godfrey

Why?

Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why? Why?

With all the publicity, if the idiots can't be bothered to sort themselves out let 'em burn.

4 1
Monday 9th July 2012 20:11 GMT Timo

two things

1. Last week I heard countless media stories completely misreporting this, that "all of these computers would lose their connection to the internet". !!?!?!?!?!? OH NOOOEEEESS?!?!?!?!?!?

2. For as many ISP's that would like to do the right thing and keep granny's infected box running, you'd think that Microsoft, or Dell, or HP, would buy up the IP addresses and redirect everyone to a page telling them that their computer was broken and to buy a new one ASAP!?!?! I bet they spend a lot more money shifting 300,000 PC's, this would be cheap advertising.

I completely agree that if those things aren't fixed by now then screw 'em. If all of this crap reporting hasn't triggered people into doing something then it is pretty unlikely that they're going to wake up with a clue at this point.

0 0
1. Tuesday 10th July 2012 05:42 GMT Anonymous Coward
  
  Re: two things
  
  "keep granny's infected box running"
  
  ewwwwwwwww!
  
  3 1
Monday 9th July 2012 21:16 GMT Adrian 4

not really the users they care about

It seems they're not doing this to support the poor dear users who won't be able to use facebook, but because the ISPs don't want to handle the support calls.

0 1
1. Monday 9th July 2012 22:39 GMT Rab Sssss
  
  Re: not really the users they care about
  
  Why should the ISP be on the hook for cleaning up someones virus ridden POS anyhow?
  
  1 1
  1. Tuesday 10th July 2012 00:58 GMT Comments are attributed to your handle
    
    Re: Re: not really the users they care about
    
    No one said that the ISP is on the hook. But that won't stop users from calling them anyway.
    
    0 0
Tuesday 10th July 2012 00:22 GMT Crazy Operations Guy

Taper them off

They know the IPs of the infected users so why not have each ISP cut off a few people each day (just have a shell script that adds 10-15 address to the firewall each day) then deal with the calls of people that no longer have a connection. Tech support will not be overwhelmed if done properly and they will no longer have to run these servers. Done right, it will be very painless and the most they'd need is one more Support Drone for a couple months.

2 0
Tuesday 10th July 2012 05:45 GMT Winkypop

Shut down, turn off

Find the box it came in

Return

0 0
Tuesday 10th July 2012 07:33 GMT Justin Clements

Seriously?

>>3 support calls?

Seriously? 3? A whole THREE support calls. Gees. Not three hundred, or a three thousand, but three?

0 0
Tuesday 10th July 2012 07:36 GMT DJ Smiley

What doesn't appear broken never gets fixed

Sigh.... while I can understand wanting to "help" customers by making sure they have access.... these machines are likely ridden with other spy/malware and the user is likely completely unaware "because everything works as normal".

If the ISP's really wanted to help, offer tech support calls who'll come and try and fix the infection for you. Yeah right, and then get sued because someones photos no longer open or something absurd like that. I know :(

4 0
Tuesday 10th July 2012 08:27 GMT mhoulden

I think the biggest problem to overcome is people who don't understand what the problem is. So the temporary DNS servers get switch off and they can no longer resolve hostnames. How many will just assume it's another virus and buy something like Norton, or just ignore it? Their ISP may well email them to say what to do, but those are very easy to spoof judging by all the spam "your mailbox has exceeded its limits" emails I get. El Reg obviously has quite a technically aware audience but I know some people think everything hangs off Google and even type URLs into the search box. Trying to explain the vagaries of DNS and DHCP to them can be very difficult. Personally I'd write to infected customers using ye olde paper letters complete with illustrated step-by-step instructions on how to find and fix the problem, and then have a helpline number if they get stuck.

0 0
1. Tuesday 10th July 2012 11:30 GMT DJ Smiley
  
  My wife types urls in the google box.... she knows she shouldn't/doesn't need to but she does it because thats where the cursor is to start with...
  
  Interestingly I found this means she hardly ever manages to typo a url as google will suggest the correct one pretty swiftly, and they do at least "try" and filter out bad pages too :)
  
  1 0
Wednesday 11th July 2012 20:32 GMT Anonymous Coward

Probably better to not prolong the problem

IMO it would be better to fix the contaminated PCs now.

0 0