Friday, June 8, 2012

Lemming Tracks: Google, Facebook Affected by DNSChanger Malware! WHEN WILL IT END?!!!!

First, relax: Google and Facebook were "affected" by DNSChanger malware, only in the sense that both outfits took action to help their users deal with the nasty code.

Second, this is another post where the Lemming may get a little testy.

Third, don't relax too much: DNSChanger isn't the only security issue around:
Here's what set the Lemming off:

Malware, Facebook, and Counting Down to July 9

"Facebook Alerts Users About DNSChanger Malware"
Fahmida Y. Rashid, PC Magazine (June 6, 2012)

"Facebook will notify users who have DNSChanger malware on their computers of the infection and remind them that if left infected, they will lose Internet access come July 9.

"When a user browses to Facebook from a DNSChanger-infected computer, the social networking giant will display an alert with a link to the DNSChanger Working Group's website, the Facebook security team wrote on the Facebook Security blog on June 4. The DCWG website contains information about the malware and instructions on cleaning up the infection....

The odds are pretty good that you already know about the situation, even if the name "DNSChanger" isn't familiar. This blog tends to get geeky: with the implications about visitors that implies.

Note, by the way, a geek is not necessarily a nerd:

DNSChanger: Background and Help

The Lemming has more: including a rant. On the other hand, here's something useful:

Look, Up In the Sky! It's a Cloud! It's an App! No, It's CloudFlare!!

"...Google announced a similar plan back on May 22. The search giant displays alerts to victims through its search pages. CloudFlare,a company that provides hosted security and content accelerations services for websites, also offers customers a DNSChanger notification tool. Once a CloudFlare customer turned on the tool within its administrative panel, all visitors to its Website would be immediately notified if they are infected with DNSChanger.

"What is DNSChanger?

"DNSChanger targets the computer's Domain Name System settings to hijack Web search queries, redirect users to fake websites, and display malicious advertisements. The malware changes the DNS server settings on the computer to use rogue servers instead of legitimate servers operated by the Internet Service Provider or other public servers from companies such as Google and OpenDNS.

"DNS is analogous to a phone directory for the Internet. Computers...."
(Fahmida Y. Rashid)

There's a pretty good explanation of the DNS system and how it works in the PC World article. Also how many computers are still infected with DNSChanger. It's a pretty small fraction of all Internet-connected compuers: but it's still a big number.

July 10 Will be Too Late

"Facebook warns hundreds of thousands may lose Internet in July" (June 6, 2012)

"Facebook announced Tuesday that it had joined a consortium of other companies and security experts to help alert hundreds of thousands of websurfers of a computer infection called DNSChanger that may knock their computers off the Internet this summer.

"Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system will be shut down July 9 -- killing connections for those people.

"The FBI has run an impressive campaign for months, encouraging people to visit a website that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet...."

If you're a science fiction/speculative fiction buff, you may have noticed the Lemming's rephrase of "October First is Too Late," One of Fred Hoyle's contributions to English literature.

The good news, from the Lemming's point of view, is that America's government has done something sensible about a serious malware issue.

Malware, the Internet, Lizard Men, and a Ranting Lemming

The bad news, again from the Lemming's point of view, is that we may be in for a few new conspiracy theories. After July 9, when the 'safety net' goes down, someone with an infected computer won't be able to use the Internet, learn that 'the government won't let me online,' and conclude that it's some kinda plot.

Which, in a way, it is. Sort of. Except that folks who pay attention know about malware, DNSChanger, and probably aren't infected.

Or is the Lemming in league with the space-alien, shape-shifting, lizard men who took over the world? Think about it: "Lemming" and "lizard" start with the same letter; the lizard men control Blogger, and the Lemming uses Blogger. You see?! It all fits together!!!

The lizard men are so complacent about their control of Earth, that they've started getting careless about their disguises:

Unique 2010 Autumn/Winter collection during London Fashion Week, February 20, 2010. REUTERS/Suzanne Plunkett
(from Oddly Enough, Reuters, used w/o permission)

DNS Changer: Yes, It's Important

Back to that article:

"...The challenge, and the reason for the awareness campaigns: Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

"Last November, when the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers, the agency realized this may become an issue.

" 'We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,' said Tom Grasso, an FBI supervisory special agent. 'The average user would open up Internet Explorer and get "page not found" and think the Internet is broken.'..."

There's more than a little oversimplification and generalization going on in that statement: but the Lemming thinks the FBI had the right idea in this case. Quite a few folks using computers and the Internet aren't tech-savvy.

DNS Changer: The Clock's Ticking

"..On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers.

"But it wasn't enough time.

"A federal judge in New York extended the deadline until July.

"Now, said Grasso, 'the full court press is on to get people to address this problem.' And it's up to computer users to check their PCs...."

That phrase, "it's up to computer users to check their PCs," is - in the Lemming's opinion - very important. Stopgap measures like tracking down criminals and swapping out rogue servers are important. But individual users need to take care of what's under their control.

The Internet isn't all that different from the 'real' world: having an effective police department in your area is important. But so is remembering to lock the front door.

DNS Changer: What Happened

"...Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

"The DNS system is a network of servers that translates a web address -- such as -- into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

"The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing...."

The Lemming has nothing against online advertising: just look at the sidebar for proof. The ethical problem here is that some folks decided to set up a fraudulent advertising network. Hey - that's an acronym: Fraudulent Advertising Network: 'We FAN your profits.' And, no: advertising is not, by definition, fraudulent. In the Lemming's opinion. And that's yet another topic.

Beware Estonians Bearing Servers?

"...When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

"The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

"Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers...."

There's bad news here: the cost in dollars, time, and attention involved; loss of trust and other emotional fallout that's hard to measure.

But there's good news too: American and international law enforcement seem to be taking 'cybercrime' seriously, and are developing practical ways for dealing with the criminals and their actions; quite a few folks may learn more about how to use the Internet safely.

Free Advice From the Lemming: Worth Every Cent

The Lemming's household network and computers aren't infected by DNSChanger: or, as far as the Lemming knows, anything else.

That's partly because the Lemming spent 10 years being 'the computer guy' for a small company, and many more decades accumulating 'life experience.' It's like the sign said:

Making mistakes comes from a lack of wisdom.
Experience comes from making mistakes.
Wisdom comes from experience.

If you don't mind taking advice from an oversize virtual Lemming, here are some helpful(?) tips:
  • No foreign ruler wants you to transfer his wealth through your bank account
  • The inheritance from a rich relative you don't know about
    • Doesn't exist
      • Neither does the rich relative
  • "Free" usually isn't
  • You won't make millions by stuffing envelopes
  • If you wouldn't do it in your neighborhood, don't do it online
    • Cyberspace is real, too
By the way: the Lemming's not an online security 'expert,' so do your own research: and use your brain.

Not-entirely-unrelated posts:

No comments:

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?


Family Blogs - Blog Catalog Blog Directory