Feds request DNS Changer extension to keep 400K users online
Ask judge to keep substitute servers working until July 9 to give victims more time to disinfect computers
Computerworld - Officials with the U.S. government have asked a New York judge to extend an impending deadline that could sever ties to the Internet for hundreds of thousands of users infected with the "DNS Changer" malware.
DNS Changer, which at its peak was installed on more than four million Windows PCs and Macs worldwide -- a quarter of them in the U.S. alone -- was the target of a major takedown last November organized by the U.S. Department of Justice.
The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled the real domains.
As part of "Operation Ghost Click," the FBI seized more than 100 servers hosted at U.S. data centers. To replace those servers -- and allow infected computers to use the Internet -- a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.
Without that move, DNS Changer-infected systems would have been immediately cut off from the Internet.
Last week, authorities filed a request with a New York federal court asking that the replacement servers operate until July 9.
Previously, U.S. District Court Judge William Pauley had said the ISC must pull the plug on the stand-in servers on March 8.
That was thought sufficient time for consumers, enterprises and Internet service providers (ISPs) to scrub systems of the malware and restore valid DNS settings.
"Extending the operation of the Replacement DNS Servers will provide additional time for victims to remove the malware from their computers, thereby enabling them to reach websites without relying on the Replacement DNS Servers," the government's request read.
According to the extension request, the substitute DNS servers were keeping an average of 430,000 unique IP addresses connected to the Web last month. Each IP address represented at least one computer, and in some cases, numerous machines.
Both the office of the U.S. Attorney for the Southern District of New York -- the jurisdiction prosecuting the case -- and the FBI have fielded calls from victims saying that they need more time to clean up their computers before the replacement DNS servers are shut down.
"In a communication dated January 27, 2012, a representative of one ISP estimated that approximately 50,000 of its customers are infected with the malware," the government said. "According to [that] ISP, absent continued operation of the Replacement DNS Servers, its customers are at risk of being unable to access the Internet."
The FBI also needs additional time to finish notifying victims in foreign countries, the filing said.
Earlier this month, Tacoma, Wash.-based Internet Identity (IID) reported that DNS Changer remained a potent threat months after the takedown. IID claimed that half of the firms in the Fortune 500, and a similar percentage of major U.S. government agencies, harbored one or more computers infected with DNS Changer, and so would be unable to access the Internet when the substitute servers were switched off.
Users who suspect that their computer is infected with DNS Changer can follow the detection and disinfection steps posted on the DNS Changer Working Group's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts