There has been a lot of concern expressed over the planned shutdown of the DNS infrastructure that the DNS Changer malware used to redirect unsuspecting victims to further scams and make its operators money.
In November 2011 the FBI busted six Estonians in an international crackdown called Operation Ghost Click.
The FBI seized the rogue DNS servers the victim computers were using and replaced them with clean servers at the same addresses, so that infected machines kept getting correct DNS answers.
According to Internet Identity, a Washington-based security firm, over half of both the Fortune 500 and US federal government agencies still have machines pointing at these formerly malicious servers.
According to the DNS Changer Working Group there are still approximately 450,000 computers actively infected.
Compared to the 3+ million machines infected with Conficker, that really isn't widespread enough to cause mayhem if the servers are turned off.
The court order for the FBI to continue to provide this service (using US taxpayer dollars) expires on March 8th, 2012. What happens now?
If the servers go down, any machine still relying on them for DNS name resolution will no longer be able to browse the web, read email or do just about anything else on the internet that starts with looking up a name.
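One thing a practitioner can do before March 8th is check whether any machine on the network is still pointed at those resolvers. The script below is an added example, not code from the original post: it pulls the configured nameservers out of resolv.conf-style text or `ipconfig /all` output and compares them against the rogue address ranges that the FBI listed in its public DNSChanger notice. Those ranges are not given in the post above and should be verified against the current FBI/DCWG list before you rely on them; the two configuration snippets in the script are constructed samples, not real captures.

```python
"""Flag DNS resolvers that fall inside the DNSChanger rogue address ranges."""
import ipaddress
import re

# Rogue resolver ranges as published in the FBI's DNSChanger notice.
# Assumption: taken from that notice, not from the post; verify against the
# current FBI/DCWG list before acting on a hit.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]


def is_rogue_resolver(ip):
    """True if the address sits inside one of the rogue ranges.

    Addresses that do not parse (e.g. an IPv6 literal with a zone index on an
    old Python) are treated as not rogue rather than crashing the scan.
    """
    try:
        addr = ipaddress.ip_address(ip.split("%", 1)[0])
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_RANGES)


def resolvers_from_resolv_conf(text):
    """Return the nameserver addresses from /etc/resolv.conf-style text."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.MULTILINE)


def resolvers_from_ipconfig(text):
    """Return the DNS server addresses from `ipconfig /all` output.

    Windows prints the first server on the 'DNS Servers' line and any further
    servers on indented continuation lines that carry nothing but an address.
    """
    found = []
    collecting = False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            collecting = True
            continue
        if collecting:
            m = re.match(r"^\s+(\S+)\s*$", line)
            if m:
                found.append(m.group(1))
                continue
            collecting = False
    return found


def rogue_resolvers(ips):
    """Return the subset of the given resolver addresses that are rogue."""
    return [ip for ip in ips if is_rogue_resolver(ip)]


# Constructed sample inputs (not real captures) so the script runs offline.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 85.255.112.36
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 93.188.160.2
                                       213.109.64.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for label, ips in (
        ("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG)),
    ):
        bad = rogue_resolvers(ips)
        status = "ROGUE: " + ", ".join(bad) if bad else "clean"
        print(f"{label}: {status}")
```

On a real host, feed `resolvers_from_resolv_conf` the contents of `/etc/resolv.conf`, or `resolvers_from_ipconfig` the captured output of `ipconfig /all`; on a network, pull the same data from your configuration management or DHCP logs and run `rogue_resolvers` over it. A hit means the machine was compromised, not just misconfigured, so treat it as an infected host to be rebuilt, not a DNS setting to be corrected.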
While this might be a bit of a shock to the victims, isn’t this ultimately a good thing?
You can’t survive cancer by not getting tested. Keeping your machine infected so you can surf is not likely the best strategy.
This situation reminds me of the Windows Update (MS10-015) shipped out on Patch Tuesday in February of 2010. Computers infected with the TDSS rootkit got a blue screen of death (BSoD) after applying the security update, because the rootkit had patched a kernel file that the update replaced.
Was it disruptive to those with infections? Sure.
Yet these folks were infected with a rather nasty rootkit and were forced to take action to fix their PCs, improving their own security and that of the people they might otherwise have infected.
If DNS Changer were simply a DNS problem you could argue that continuing to provide DNS service is a kind gesture, but more often than not this malware came with additional payloads that pose far greater risks to the user.
DNS Changer also blocks infected machines from reaching security update and anti-virus sites, which is a huge problem: those machines are now unpatched and exposed to lots of other malicious garbage.
I say turn them off. It will be a rude wake-up call, but an unfortunately necessary one.
We all have responsibility for our own security and safety and it isn’t the job of the FBI or anyone else to coddle those who haven’t taken the steps to ensure their own safety.