Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Feds request DNS Changer extension to keep 400K users online

Ask judge to keep substitute servers working until July 9 to give victims more time to disinfect computers

Officials with the U.S. government have asked a New York judge to extend an impending deadline that could sever ties to the Internet for hundreds of thousands of users infected with the "DNS Changer" malware.

DNS Changer, which at its peak was installed on more than four million Windows PCs and Macs worldwide -- a quarter of them in the U.S. alone -- was the target of a major takedown last November organized by the U.S. Department of Justice.

The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled the real domains.

As part of "Operation Ghost Click," the FBI seized more than 100 servers hosted at U.S. data centers. To replace those servers -- and allow infected computers to use the Internet -- a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.

Without that move, DNS Changer-infected systems would have been immediately cut off from the Internet.

Last week, authorities filed a request with a New York federal court asking that the replacement servers operate until July 9.

Previously, U.S. District Court Judge William Pauley had said the ISC must pull the plug on the stand-in servers on March 8.

That was thought sufficient time for consumers, enterprises and Internet service providers (ISPs) to scrub systems of the malware and restore valid DNS settings.

Apparently not.

"Extending the operation of the Replacement DNS Servers will provide additional time for victims to remove the malware from their computers, thereby enabling them to reach websites without relying on the Replacement DNS Servers," the government's request read.

According to the extension request, the substitute DNS servers were keeping an average of 430,000 unique IP addresses connected to the Web last month. Each IP address represented at least one computer, and in some cases, numerous machines.

Both the office of the U.S. Attorney for the Southern District of New York -- the jurisdiction prosecuting the case -- and the FBI have fielded calls from victims saying that they need more time to clean up their computers before the replacement DNS servers are shut down.

"In a communication dated January 27, 2012, a representative of one ISP estimated that approximately 50,000 of its customers are infected with the malware," the government said. "According to [that] ISP, absent continued operation of the Replacement DNS Servers, its customers are at risk of being unable to access the Internet."

The FBI also needs additional time to finish notifying victims in foreign countries, the filing said.

Earlier this month, Tacoma, Wash.-based Internet Identity (IID) reported that DNS Changer remained a potent threat months after the takedown. IID claimed that half of the firms in the Fortune 500, and a similar percentage of major U.S. government agencies, harbored one or more computers infected with DNS Changer, and so would be unable to access the Internet when the substitute servers were switched off.

Users who suspect that their computer is infected with DNS Changer can follow the detection and disinfection steps posted on the DNS Changer Working Group's website .

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com .

See more by Gregg Keizer on Computerworld.com .

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Department of Justice, FBI, Google, Macs, Microsoft, Topic
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Cybercrime and Hacking, DRM and Legal Issues, fbi, Internet Systems Consortium, Malware and Vulnerabilities, security, U.S. Department of Justice
Latest Blog Posts
Whitepapers
  • Case Study: BNP Paribas Deploys Oracle Exadata to Accelerate Information Processing - The Hardware Perspective
    Datacenters are an aggregate of very heterogeneous elements interacting with each other and incurring a complex chain of dependencies, particularly around the point of contact between hardware and software. Against this backdrop, IDC is observing a great push from suppliers and end users alike toward a consumption model based on pre-integrated blocks of optimized hardware and software that IT departments need only to fine-tune, as opposed to build out of a collection of different components. Read on.
    Learn more »
  • Restore control, Reinforce security & Reduce Cost
    Uncontrolled print environments and practices present a serious risk to the profit and security of your organisation. IT is under pressure to protect sensitive information, secure devices, and improve the way they manage the entire fleet. To gain better control, your organisation needs to implement plans that meet industry regulations while also increasing productivity, lowering costs, and providing users with more flexible imaging and printing solutions. Read more.
    Learn more »
  • The Big Six: The CIO Executive Council’s Frameworks for IT Value and Leadership
    This overview of six of the CIO Executive Council’s most important pieces of intellectual capital represents the thought leadership of literally hundreds of global CIOs spanning over half a decade. It is intended to convey the Council’s position on the current and future CIO role and the value that IT should be creating for the enterprise. We hope that it offers the IT community an intriguing and comprehensive roadmap for continued success.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.