The FBI warns that nearly a half million internet users will lose their internet access on July 9 if they don’t take steps to remove a virus from their computers first. Capable of infecting both Macs and Windows PCs, the virus in question is a trojan horse called DNS Changer. A variant, often referred to as zlob, even includes the ability to guess a wireless router’s default administration password and change its stored DNS settings. It’s easy enough to check your computer for this infection, using one of the free web-based detection sites put together by an industry-wide team.
Why the July 9 deadline? That’s where the story gets interesting. The DNS Changer trojan surfaced back in 2007, so it’s nothing new. But the problem is that the trojan horse successfully infected millions of users over the next few years, modifying their computers’ DNS lookup functionality. Address lookups were routed through a group of rogue DNS servers run by Estonian hackers. This allowed the hackers to return modified results that included advertising earning them millions of dollars in revenue. All of this got the FBI’s attention and led to the arrest of the hackers last November.
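The infection described in the two paragraphs above works by pointing a machine's DNS resolvers at servers the attacker controls, so the basic local check is to read the configured resolvers and compare them against a watch-list of known-bad ranges. The script below is an added example, not code from the original article or from the web-based detection sites it mentions; it parses resolv.conf-style text and flags any resolver inside a watch-listed range. The ranges in it are placeholders drawn from the RFC 5737 documentation blocks, because the article does not list the real rogue-server ranges, and the sample resolv.conf content is constructed for the demo.

```python
"""Check configured DNS resolvers against a watch-list of suspicious ranges.

Added example, not code from the original article. The ranges below are
PLACEHOLDERS constructed for this demo (RFC 5737 documentation blocks), not
the real rogue-server ranges, which the article does not list. Replace them
with an authoritative list before relying on the check.
"""
import ipaddress
import re

# Placeholder watch-list (constructed for the example; not the real ranges).
SUSPICIOUS_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),   # RFC 5737 documentation range
    ipaddress.ip_network("203.0.113.0/24"),    # RFC 5737 documentation range
]

# Matches "nameserver <address>" lines; comments and "search" lines are skipped.
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolv_conf(text):
    """Return the nameserver addresses declared in resolv.conf-style text."""
    servers = []
    for match in NAMESERVER_RE.finditer(text):
        raw = match.group(1)
        try:
            servers.append(ipaddress.ip_address(raw))
        except ValueError:
            # Skip malformed entries instead of crashing; a scoped IPv6
            # address such as fe80::1%eth0 would also land here.
            continue
    return servers


def flag_suspicious(servers, ranges=SUSPICIOUS_RANGES):
    """Return the subset of servers that fall inside any watch-listed range."""
    return [s for s in servers if any(s in net for net in ranges)]


def check_resolv_conf(text, ranges=SUSPICIOUS_RANGES):
    """Return (all_servers, flagged_servers) for a resolv.conf body."""
    servers = parse_resolv_conf(text)
    return servers, flag_suspicious(servers, ranges)


# Constructed sample: one ordinary resolver, one inside a placeholder range.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.7
"""

if __name__ == "__main__":
    servers, flagged = check_resolv_conf(SAMPLE_RESOLV_CONF)
    print("configured resolvers:", [str(s) for s in servers])
    if flagged:
        print("WARNING: resolver(s) in watch-listed range:",
              [str(s) for s in flagged])
    else:
        print("no resolvers matched the watch-list")
```

The functions take the file contents as text, so on a Unix-like host you would pass the body of /etc/resolv.conf; on Windows the equivalent information comes from the adapter's DNS settings rather than a file. A clean result here does not clear the router, which the zlob variant can reconfigure on its own, so the router's DNS settings need the same comparison.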
However, the FBI feared their seizure of the rogue DNS servers would lead to all of the infected computers losing internet access. Therefore, they did something unprecedented, substituting the hackers’ servers with clean DNS servers of their own. The FBI hoped this would buy them time to warn people about the infection so computers could be disinfected before the replacement servers came down in March.
Unfortunately for the FBI, a federal judge ordered that the servers stay up for another 120 days, to give businesses and government agencies additional time to respond to the threat. That brings us to the cutoff date of July 9.
The FBI claims they’ve already spent $87,000 maintaining the temporary DNS server replacements and currently see over 350,000 users actively using them (down from over 500,000 a couple months ago).
In my opinion, this was $87,000 too much spent on a bandage of dubious value. Computers infected with a DNS Changer trojan likely suffer from other issues, such as sluggish performance, along with the DNS redirection itself. Even the redirection could generate odd error messages or malfunctions when using VPN software or other more advanced programs that need to manipulate TCP/IP settings. It doesn’t really do computer users any favors to mask the infection. A compromised system should be taken out of service and cleaned or re-imaged as soon as possible.
The FBI says that moving forward, they’ll implement more of these measures to minimize the impact their enforcement operations have on internet users. It might be smarter for the FBI to focus on law enforcement and not to play systems administrator at the taxpayer’s expense.