I’ve been asked by folks, and have seen posts on FB, about the “Internet shutting off” tomorrow — here’s my stock reply:
The malware which infected some machines is old, actually. These aren’t new infections. The malware changed your computer’s DNS servers to ones that the bad guys controlled, which is the equivalent of someone switching your 411 operator with their own nefarious operator, so when you tried to get the number for Domino’s, they’d give you the number for Pizza Hut.
The bad guys’ servers were seized back in 2011 and were reset to be benign, but under a court order, the FBI and other law enforcement agencies have to turn off the servers tomorrow, July 9, 2012.
Google, Facebook and others are able to detect if you’re using those servers and have been putting up messages to those users whose machines have still not been cleaned, months after the fact.
So, if you haven’t seen a message from Google or Facebook, you’re fine, nothing to see here.
The most interesting part of this story, of course, was not the DNSChanger bot itself, but how the FBI and the court handled it. They could have shut it down immediately and the results would have been the same for those 300,000 plus 270,000 more. By delaying the shutdown they did allow those 270,000 to recover. However, it seems to me they dropped the ball in getting the word out. This didn’t become big news until the past week. I am not sure if the court and the FBI are to be blamed for this, or if it is the media’s fault for not getting the word out. Whoever’s fault it is, communication was lacking.