FBI will shut down the Internet on March 8

Millions of computer users across the world could be blocked off from the Internet as early as March 8 if the FBI follows through with plans to yank a series of servers originally installed to combat corruption. Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
When functioning as its creators intended, the DNSChanger Trojan infected computers and redirected users hoping to surf to certain websites to malicious ones. Traditionally, DNS, or Domain Name System, servers translate alphabetical, traditional website URLs to their actual, numeric counterpart in order to guide users across the World Wide Web. Once a computer was infected by the DNSChanger Trojan, however, website addresses entered into Internet browsers were hijacked to malicious servers, which in turn directed the user to an unintended, fraudulent site. In coordination with the arrests in Estonia, the FBI shut down the malicious DNSChanger botnet network and, additionally, replaced its servers with surrogate servers to correct the problem. Those servers, however, were installed "just long enough for companies and home users to remove DNSChanger malware from their machines," according to the court order that established them. That deadline is March 8, and those surrogate servers are expected to be retired then. At that point, computers still infected with the Trojan will be essentially unable to navigate the Internet.

Who, exactly, will be affected?
Security company IID (Internet Identity) believes that half of all Fortune 500 companies and more than two dozen major government entities in the US are still infected with the worm as of early 2012. Unless they take the proper steps to eradicate the Trojan from their systems, millions of users worldwide will be left hog-tied, helplessly attempting to navigate to nonexistent servers and, in effect, without the Web.

The sometimes salacious 'kill switch' headlines about this story can easily give readers the wrong impression if they don't dig a little deeper into the details.

The FBI actually stepped in to ensure lots of folks didn't suddenly lose their ability to surf the web last year, and those safety measures are set to expire on March 8th. Last year, a group that had infected over 4 million computers worldwide (with an estimated half a million in the US) with what is called the DNSChanger Trojan was brought to justice. The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing the DNS settings on compromised computers. The Domain Name System (DNS) is the backbone of the Internet's address scheme, and DNS servers are special computers around the world that act as Internet traffic cops, providing directions to the websites that you wish to visit.

For instance, when you type www.datadoctors.com in your web browser, your computer sends the request to the DNS server usually associated with your Internet service provider, which translates your human-friendly text request into the actual numeric address for that website (called the IP address). If your computer was infected with the DNSChanger Trojan, you are being sent to a 'rogue traffic cop' that would send you into a virtual dark alley to be mugged. It also made sure that you couldn't get to security sites that had tools to help you clean up your computer.

When the FBI pinched this group, if they had shut down the rogue DNS servers, everyone that was infected would have instantly been cut off from the Internet, so the FBI chose a different strategy. They decided to get a court order allowing them to replace the rogue DNS servers with legitimate stand-ins so that all the infected computers wouldn't get cut off without warning, giving them time to get the word out. The court order runs out on March 8th, so anyone still infected with the DNSChanger Trojan will no longer be able to access the Internet because the temporary DNS servers won't be online anymore. So you can see that the characterization of the FBI using a kill switch to cut our citizens off from the Internet is pretty inaccurate. If everyone that's infected by this Trojan cleans it up before March 8th, no one will have a problem, but the infection is so widespread that it isn't likely to happen.

Both Windows and MacOS users are at risk for this infection because it exploits your browser, not your operating system. If you are somewhat technical, you can do a self-check of your computer to make sure you're not infected by comparing your computer's DNS setting to the list of rogue DNS servers:

85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.25

The FBI has published a pretty decent guide to performing the self-check at http://goo.gl/raqfL, but if you aren't comfortable doing the check yourself, make sure you consult a tech-savvy friend or professional to avoid getting cut off on March 8th. If you are infected by the DNSChanger Trojan, the FBI reminds us that this malware also disables security updates, which could have further exposed you to other malware.
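The comparison described above can be scripted. This added example (not from the original article or the FBI guide) reads resolv.conf-style text and flags any configured DNS server that falls inside the listed ranges; the function names and the sample input are assumptions made for illustration, and the ranges are copied as printed on this page.

```python
import ipaddress

# Rogue DNS server ranges (first, last), inclusive, exactly as printed above.
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.25"),
]
_BOUNDS = [(int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)))
           for lo, hi in ROGUE_RANGES]


def is_rogue(addr):
    """Return True if addr is an IPv4 address inside a listed range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False          # not an IP address at all
    if ip.version != 4:
        return False          # the listed ranges are IPv4 only
    return any(lo <= int(ip) <= hi for lo, hi in _BOUNDS)


def nameservers(resolv_conf_text):
    """Extract the addresses on 'nameserver' lines of resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.strip().split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def check(resolv_conf_text):
    """Pair every configured resolver with a rogue / not-rogue verdict."""
    return [(ns, is_rogue(ns)) for ns in nameservers(resolv_conf_text)]


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# resolv.conf (constructed)
nameserver 93.188.160.1
nameserver 192.168.1.1
nameserver 2001:db8::53
"""

if __name__ == "__main__":
    for ns, rogue in check(SAMPLE):
        print(f"{ns:15} {'ROGUE - in DNSChanger range' if rogue else 'ok'}")
```

On Windows, the DNS servers shown by `ipconfig /all` can be passed to `is_rogue` one at a time instead of parsing a resolv.conf file.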

Be sure you have a thorough cleanup performed and that you get caught up on all the missing updates if you find your computer has been compromised, as detection and removal is just the beginning of the process.

“At this rate, a lot of users are going to see their Internet break on March 8,” Rod Rasmussen, president and chief technology officer at Internet Identity, cautions Krebs On Security. Currently, both the computer industry and law enforcement are working together through a coalition they’ve established called the DNSChanger Working Group. That group has been tasked with examining the options in phasing out the surrogate servers set up by the feds, but unless an alternative plan is agreed on, a great part of the Web will go dark next month. “I’m guessing a lot more people would care at that point,” Rasmussen adds. While infected users are cautioned to correct the problem now, millions internationally are still believed to be infected. “It certainly would be an interesting social experiment if these systems just got cut off,” he adds.
