What can you tell me about the FBI shutting off the Internet for thousands of users on July 9th?
This question was answered on February 17, 2012. Much of the information contained herein may have changed since posting.
The sometimes salacious ‘kill switch’ headlines about this story can easily give readers the wrong impression if they don’t dig a little deeper into the details. The FBI actually stepped in to ensure lots of folks didn’t suddenly lose their ability to surf the web last year, and those safety measures are set to expire on March 8th.

<strong>UPDATE: The courts approved the FBI's request to extend the date to July 9th because so many computers are still infected. Please check all your computers!</strong>

Last year, a group that had infected over 4 million computers worldwide (with an estimated half a million in the US) with what is called the DNSChanger Trojan was brought to justice. The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing what are called the DNS settings on compromised computers.

The Domain Name System (DNS) is the backbone of the Internet’s address scheme, and DNS servers are special computers around the world that act as Internet traffic cops, providing directions to the websites that you wish to visit. For instance, when you type www.datadoctors.com in your web browser, your computer sends the request to the DNS server usually associated with your Internet service provider, which translates your human-friendly text request into the actual numeric address for that website (called the IP address).

If your computer was infected with the DNSChanger Trojan, you are being sent to a ‘rogue traffic cop’ that would send you into a virtual dark alley to be mugged. It also made sure that you couldn’t get to security sites that had tools to help you clean up your computer.

When the FBI pinched this group, if they had shut down the rogue DNS servers, everyone that was infected would have instantly been cut off from the Internet, so the FBI chose a different strategy. They decided to get a court order allowing them to replace the rogue DNS servers with legitimate stand-ins so that all the infected computers wouldn’t get cut off without warning, giving them time to get the word out.

The court order runs out on March 8th, so anyone still infected with the DNSChanger Trojan will no longer be able to access the Internet because the temporary DNS servers won’t be online anymore. So you can see that the characterization of the FBI using a kill switch to cut our citizens off from the Internet is pretty inaccurate.

If everyone that’s infected by this Trojan cleans it up before March 8th, no one will have a problem, but the infection is so widespread that it isn’t likely to happen. Both Windows and MacOS users are at risk for this infection because it exploits your browser, not your operating system.

If you are somewhat technical, you can do a self-check of your computer to make sure you’re not infected by comparing your computer’s DNS setting to the list of rogue DNS servers:

<strong>184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
126.96.36.199 through 188.8.131.52
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
126.96.36.199 through 188.8.131.52</strong>

The FBI has published a pretty decent guide to performing the self-check at: http://goo.gl/raqfL but if you aren’t comfortable doing the check yourself, make sure you consult a tech-savvy friend or <strong>stop by any Data Doctors location ( https://www.datadoctors.com/locations ) for a free check, while you wait.</strong>

If you are infected by the DNSChanger Trojan, <strong>the FBI reminds us that this malware also disables security updates, which could have further exposed you to other malware. Be sure you have a thorough cleanup performed and that you get caught up on all the missing updates if you find your computer has been compromised, as detection and removal is just the beginning of the process.</strong>
About the author
Posted by Ken Colburn of Data Doctors on February 17, 2012
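The self-check described in the answer above (comparing a computer's DNS settings against the rogue ranges) can be scripted; this is an added example, not part of the original answer or the FBI guide. The ranges and sample configuration text are constructed placeholders from documentation address space, and the function names are hypothetical; substitute the ranges published in the FBI guide.

```python
import ipaddress
import re

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Constructed placeholder ranges (RFC 5737 documentation space), written in the
# same "A through B" form the article uses. These are NOT the real rogue ranges.
ROGUE_RANGES_TEXT = """
192.0.2.0 through 192.0.2.255
198.51.100.0 through 198.51.100.127
"""

# Constructed sample inputs: a resolv.conf file and a fragment of `ipconfig /all`.
SAMPLE_RESOLV_CONF = "nameserver 198.51.100.7\nnameserver 203.0.113.1\n"
SAMPLE_IPCONFIG = """
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       192.0.2.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_ranges(text):
    """Turn 'A through B' lines into (start, end) IPv4Address pairs."""
    ranges = []
    for start, end in re.findall(rf"({IPV4})\s+through\s+({IPV4})", text):
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            raise ValueError(f"reversed range: {start} through {end}")
        ranges.append((lo, hi))
    return ranges

def configured_resolvers(config_text):
    """Extract DNS servers from resolv.conf text or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in config_text.splitlines():
        unix = re.match(rf"\s*nameserver\s+({IPV4})\b", line)
        win = re.match(rf"\s*DNS Servers[ .]*:\s*({IPV4})\s*$", line)
        # Windows lists additional servers as bare addresses on following lines.
        cont = re.fullmatch(rf"\s*({IPV4})\s*", line) if in_dns_block else None
        hit = unix or win or cont
        in_dns_block = bool(win or cont)
        if hit:
            servers.append(ipaddress.IPv4Address(hit.group(1)))
    return servers

def rogue_resolvers(config_text, ranges):
    """Return the configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in configured_resolvers(config_text)
            if any(lo <= ip <= hi for lo, hi in ranges)]

if __name__ == "__main__":
    ranges = parse_ranges(ROGUE_RANGES_TEXT)
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, "->", rogue_resolvers(text, ranges) or "no listed resolver found")
```

A clean result only covers the settings on that computer; a home router that hands out DNS settings needs the same comparison.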