DNSChanger shutdown misses 'internet doomsday'

Powered by SC Magazine

ISPs step in as FBI pulls plug on DNSChanger.

US authorities have officially cut off servers in New York put in place to direct internet traffic for computers infected with the DNSChanger malware.

But concerns around a potential internet blackout for an estimated 211,000 computers still believed to be infected at the time of the shut down were ultimately unfounded.

Approximately 6000 Australian internet subscribers faced a similar fate locally, with the majority sourced to Telstra connections.

"All quiet," said Barry Greene, a security consultant who volunteers with the DNS Changer Working Group, an ad-hoc group of experts who teamed up to help fight the virus and educate the public about eradicating the malware.

The working group was using the number of service calls to internet service providers as a barometer for measuring the impact of the sever shutdowns.

As of Monday afternoon New York time, providers had seen no increase in call volume.

"The outreach campaign has reached everyone humanly possible," Greene said.

Victims of the virus originally required assistance because the virus had changed DNS settings on their PCs or routrs, diverting internet traffic through rogue servers that showed them advertisements. Police shut them down in November.

Infected machines would have been unable to access the web unless they were repaired, so authorities put the backup system in place as a stopgap measure.

That is a tiny fraction of the world's more than one billion Internet users, said Luis Corrons Granel, technical director with the research lab of anti-virus software maker Panda Security.

"[It's] not a big impact," he said.

The number of users who actually lost Internet service was likely far fewer than the 211,000 who accessed the temporary server on Sunday, said Mikko Hypponen, of FSecure.

Some internet service providers — such as AT&T and Time Warner Cable in the US, and Telstra in Australia — had set up their own DNS redirection servers so customers with infected machines could continue to access the internet.

The US has charged seven people with orchestrating the worldwide internet fraud. Six were arrested in Estonia, while the seventh, who was living in Russia, is still at large. Estonia has extradited two of the men to New York, where they appeared in Manhattan federal court.

DNSChanger shutdown misses 'internet doomsday'
Police confiscate servers during a raid in Estonia. Source: Mikko Hyppönen/F-Secure
Top Stories
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
Police confiscate servers during a raid in Estonia. Source: Mikko Hyppönen/F-Secure
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats