
US ISPs Continue To Support DNSChanger Redirection Servers

Posted by Soulskill
from the you-had-one-job dept.
darthcamaro writes "On Monday of this week, the primary servers that kept those infected with the DNSChanger malware online were taken offline. It's a story that sparked lots of media hype with people claiming that hundreds of thousands of people could lose their Internet access. As it turns out, major U.S. ISPs including Verizon, Cox, AT&T and CenturyLink all kept their own DNSChanger servers online, protecting any users from losing their access."
  • by Jah-Wren Ryel (80510) on Friday July 13, 2012 @05:14PM (#40643559)

    Don't all of those ISPs play that dirty trick of redirecting failed DNS lookups to advertising? Why don't they just set their DNSchanger servers to redirect all lookups to some page telling the user that their system is infected and how to download a tool to fix it?

    Sure it will break everything but http(s) but if they are happy to do it for money why aren't they happy to do it for the common good?

    • Re: (Score:3, Insightful)

      by NettiWelho (1147351)
      Because if they meddled with end-user functionality they'd be swamped with angry customers demanding service and help. They take the cheap route that doesn't require additional effort on their part and lessens the incoming workload.
      • by Anonymous Coward

        Because if they meddled with end-user functionality they'd be swamped with angry customers demanding service and help.

        "You need help? There's a link on your screen. Click it, install the Cleaner program, and run it. Have a nice day. ::click::"

        Problem solved.

        • by Anonymous Coward

          I can tell you have never worked a day supporting CLNK customers.

    • by nurb432 (527695) on Friday July 13, 2012 @05:18PM (#40643605) Homepage Journal

      The big deal is they are keeping infected computers online.

      These should have been cut off day one, with a message 'call your ISP' and allow NO other traffic to protect the users' data.

      • Yup, if they don't they lose customers (or that's the idea). For the same reason a lot of ISPs do nothing about infected computers in their network. No matter how much spam they send out or how many requests they do to your web servers. A smaller group of ISPs (e.g. MediaTemple, to name just one) have no problem at all with spammers in their network (and/or make reporting spammers extremely hard), as long as the customer pays (and the complainer: not). Spam etc. is plenty because people accept money to lo
        • by nurb432 (527695)

          I think a page saying you have a security problem on your PC and to please call us would make customers happy.. "they care about us" I know they don't really, but it would make many feel that way.

          • by John Bokma (834313) on Friday July 13, 2012 @06:15PM (#40644279) Homepage
            You and me both. But I know plenty of people who consider themselves "power users" and would consider such a move patronizing (and an accusation that they made a mistake; how could they!). And I know even a few who don't care about malware on their computer as long as it isn't too much in the way (some even call it cool to be a part of one or more botnets...).
            • by ganjadude (952775)
              True, I hate having to deal with tech support and I get annoyed at people trying to force me to do things. Having said that, having a default page that tells you your machine is messed up is a little bit different. I say hell, even let them keep using it, just make them see the msg and hit ok (frames maybe?) I know the hardcore crowd will claim the ISPs are hijacking or snooping or whatever, yeah, that's exactly what's going on in my scenario, and probably one of the only few exceptions to snooping I would
            • Re: (Score:3, Informative)

              Then those ego maniacs need a slap in the face. If they were in fact a power user they wouldn't have let this happen to their system.
          • by JWSmythe (446288)

            I guess you don't see the obvious problems with that...

            1) There's plenty of existing malware that does that already. "Click here to clean your computer". Some even give a friendly 800 (or 900) number to call for "advice", so you can call and give your credit card number over the phone because it's "so much safer".

            2) When they redirect a residential customer to the security problem page, it's not going to just redirect the infected machine, it will redirect all

            • 2) When they redirect a residential customer to the security problem page, it's not going to just redirect the infected machine, it will redirect all of your machines.

              No it won't. Only the infected machines are using the bogus nameservers.

              • by JWSmythe (446288)

                    In his case, the implication was for any malware. Definitely they could have done it for this specific case. It looks like they just went for the easier option of a static route and put the IP(s) on their own DNS server(s).

        • by Anonymous Coward

          You have no idea what you are talking about. I have worked for several regional ISPs and when we notice virus traffic originating from your computer/router you will either get an email/call from us notifying you that you need to resolve the issue or we will disconnect your service, or we just disconnected your service and call you to inform you why this happened.

      • by v1 (525388)

        The big deal is they are keeping infected computers online.

        These should have been cut off day one, with a message 'call your ISP' and allow NO other traffic to protect the users' data.

        hmmmm... protect the public, or protect profit... protect the public, or protect profit... oh wait, that's an easy decision!

      • by devitto (230479)

        No they are not. They are contacting those customers, duh !

    • Sure it will break everything but http(s) but if they are happy to do it for money why aren't they happy to do it for the common good?

      Since when is there money to be made by supporting the common good?

    • by Asic Eng (193332)

      I guess the problem is when they do that they'll get swamped with support requests by the most clueless of their user base. Who is going to handle all these phone calls? That costs quite a bit of money. Setting up another server to handle these DNS requests is cheap, though. So that's what they are doing.

      • Yep, that's what a lot of people think and it sure fits the stereotypical corporate mentality. But, it really isn't that hard to mitigate. Set the servers up to redirect to a warning page for only 1% of the ISP's address range per day or something in that ballpark. That reduces the flood of support calls down to something manageable.
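
The staged rollout suggested in the comment above, sketched as an added example (not code from the commenter or from any ISP). It assumes the 1% per day is cumulative and spreads subscribers over 100 hash buckets rather than contiguous address blocks; the subscriber range, start date and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
from datetime import date

# Constructed values for illustration only (assumptions, not from the page).
ISP_RANGE = ipaddress.ip_network("10.20.0.0/16")  # hypothetical subscriber pool
ROLLOUT_START = date(2012, 7, 9)                  # hypothetical first day
PERCENT_PER_DAY = 1
WARNING_PAGE_IP = "192.0.2.80"                    # documentation-range address


def cohort(client_ip: str) -> int:
    """Map a subscriber address to a stable bucket in 0..99."""
    addr = ipaddress.ip_address(client_ip)
    if addr not in ISP_RANGE:
        raise ValueError(f"{client_ip} is outside the subscriber range")
    # Hashing spreads each day's cohort across the whole range, so no single
    # neighbourhood or business block is hit all at once.
    digest = hashlib.sha256(addr.packed).digest()
    return int.from_bytes(digest[:8], "big") % 100


def should_warn(client_ip: str, today: date) -> bool:
    """True once the client's bucket has been reached by the rollout."""
    days = (today - ROLLOUT_START).days
    if days < 0:
        return False
    active_buckets = min(100, (days + 1) * PERCENT_PER_DAY)
    # Cumulative: a client that was warned yesterday is still warned today.
    return cohort(client_ip) < active_buckets


def answer(client_ip: str, qname: str, real_lookup, today: date) -> str:
    """Decision made by the replacement resolver for one A query.

    Only infected machines query this resolver at all, so every client that
    reaches this function is a candidate for the warning page.
    """
    if should_warn(client_ip, today):
        return WARNING_PAGE_IP
    return real_lookup(qname)
```
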

        • by Asic Eng (193332)

          That's a good approach, but there were so many warnings already and for such a long time. These people don't care about their computers at all. You redirect them to a warning page, maybe they'll call you and you'll get them to fix it. That's one problem. What about the other malware on their machines? What about the malware they'll get next week?

          Your best hope is that sooner or later they'll replace their desktops with iPads.

          • "These people don't care about their computers at all."
            This is my cousin exactly. She is 14 and fscking stupid. She has a thing that posts on her facebook everyday that is clearly a hijack and I always comment "...and hacked." then "change your password." It's been almost 2 months. I bet you can guess what she hasn't done. I've been considering just changing her password myself and not telling her what it is.
    • because there is no money to be made in 'the common good.'
  • by 0racle (667029) on Friday July 13, 2012 @05:15PM (#40643561)
    Knock them off the internet already so they know they have a problem. DNSChanger is probably not the only issue they have.
    • by bmo (77928) on Friday July 13, 2012 @05:20PM (#40643623)

      Knock them off the internet already so they know they have a problem. DNSChanger is probably not the only issue they have.

      This. I have *never* seen a compromised system with just one piece of badware. These people are probably running around with dozens, if not hundreds of pieces of evil in their machines.

      Knocking them off the net would be doing them a favour.

      --
      BMO

    • Are you going to pay them for the calls that are going to be ringing off the hook! My guess is the phone system will be so overloaded it would probably crash and prevent legitimate calls from coming through.

      Are you going to pay their legal fees when business users sue due to lost income? Yes it was both foreseen and the ISP has a duty of care, and has even exercised this supporting its users. A lawyer would be drooling if you said fuck it and cut the cord.

      It is a business decision and not a moral or philoso

      • by osu-neko (2604)

        It is a business decision and not a moral or philosophical one.

        These are not mutually exclusive. It is a business decision, but it is also a moral one. Any decision that affects others (and arguably some that don't) are moral decisions. Pretending otherwise is a wonderful excuse for avoiding moral responsibility, though...

        • Well a corporation's job is to make money. Its moral and ethical guidelines is to increase shareholder wealth on a quarterly basis by constantly raising the share price.

          It does not serve them well if some companies get hurt with no internet access and it is stealing from them otherwise. Liability is real as older computers without updates typically are corporate owned systems in places like managerial offices and other places where they can't be cleaned easily without a local IT staff. They could lose money

          • by Culture20 (968837)

            Well a corporation's job is to make money. Its moral and ethical guidelines is to increase shareholder wealth

            Full Stop. You can increase shareholder wealth many ways. Dividends work well even when stock prices are steady or even dip a little. Carry on...

            on a quarterly basis by constantly raising the share price.

    • I second that too. That kind of malware is never alone on most computers. The job of an ISP is to provide internet access, not holding customers' hands. Tech support is one thing, but an infected machine is a risk for *every* customer of said ISP. What if the ISP's email servers get banned because some machine is sending spam? Any responsible ISP will make sure either a) the problem's fixed or b) the customer's access is blocked until it's fixed. Keeping those machines online is irresponsible.

  • Next article please
  • by Immostlyharmless (1311531) on Friday July 13, 2012 @05:15PM (#40643567)
    On a side note, can anyone tell me why all of the ads I see are for AT&T?
  • That's why I didn't get a phone call from my parents asking me to fix their Internet.
  • Why? (Score:5, Insightful)

    by Technoodle (1384623) on Friday July 13, 2012 @05:16PM (#40643583)
    This is a fail. The problem will not go away if we keep coddling people that have infected machines.
  • "Loose"? (Score:5, Funny)

    by danomac (1032160) on Friday July 13, 2012 @05:25PM (#40643683)

    It's a story that sparked lots of media hype with people claiming that hundreds of thousands of people could loose their Internet access.

    That was the problem initially, the computers were too loose and malware got in.

    • I think the danger is more about them setting their internet access loose on the entire world, maybe? I mean, it must be pretty scuzzy.
  • typo in text loose should be lose

  • by sociocapitalist (2471722) on Friday July 13, 2012 @05:28PM (#40643741)

    "...protecting any users from losing their access."

    This had nothing to do with protecting users. This was because the ISPs didn't want to be overwhelmed with support calls and have to deal with X ignorant and pissed off customers who don't know DNSChanger from a hot dog and who will just blame the ISP for any outage.

  • What will it take? (Score:4, Insightful)

    by crow (16139) on Friday July 13, 2012 @05:34PM (#40643797) Homepage Journal

    What will it take for people to start taking security seriously? One of these days a major botnet will wipe a few million hard drives with no warning. I'm not convinced that even that would do it.

    • I sincerely doubt it. The days of malware simply destroying data are behind us. It's far more useful (and profitable!) to pwn computers and steal information, serve ads, send spam, perform DDoS attacks... you get the idea.

      A swarm of computers with garbled drives has no value. A swarm of computers in a botnet you own is infinitely more valuable.

      • Not everyone is motivated exclusively by money. Especially in this age of "online activism", I suspect that at some point someone will be motivated by fame, or (as many posting here at ./) the idea that "people need to be smarter"...eventually someone will produce some malicious code that *will* do irreparable damage to the systems that are compromised. When that day comes people will - as in nature - be forced to adapt or fail.
      • by crow (16139)

        Yes, malware is mostly there for a financial incentive, but I can see several scenarios where a large botnet would get wiped. Suppose...

        Someone includes self-destruct code that will wipe computers if the network is taken over or the control nodes are shut down. The idea would be to blackmail security organizations into leaving the botnet alone.

        Or someone has a botnet encrypt drives and then make them pay to get the decryption key. A code bug or takedown of the control network causes all the keys to be lost

    • Make ISPs responsible (and if they want they can make their customers responsible). Now they can have tens if not hundreds of zombies within their network, knowingly and doing nothing since they might lose customers. Not going to happen; $$$$.
      • this will be bad news though, we should be trying to force the ISP to keep their hands OFF our data.

    • by houghi (78078)

      What will it take for people to start taking security seriously?

      What will it take IT people to factor in the human? Look at what you can change and look at what you can't. You can't change humans.

      When I see them changing password policy in companies to 32 random characters that need to be changed every 34 hours, I just know people will start writing it down.

      Next you need to remember 378 different logins for different connections and each one has different rules. Most logins you can not select yourself, so

      • Seriously?
        Companies plan to spend 4.5 percent more on computer security this year than last year, according to results of a Morgan Stanley survey of 100 U.S. chief information officers, released July 13.
        They are taking it seriously, they are just doing it wrong.
        Never attribute to malice that which is adequately explained by stupidity.
    • Not even a bot net wiping a few million drives will do it. It'll take a Terminator and Skynet to get through to the damn idiots and at that point it's easier to nuke it from orbit

  • We have AT&T (bellsouth.net) and yesterday internet access was spotty at best. Some sites loaded right away as usual, some never loaded, some now and then. Ebay was a lost cause, google was iffy and google hits went nowhere. At work we have comcast and it was business as usual.
    At home it made no difference which computer I used, MAC, PC, Linux all had issues. My router / DSL modem is a Motorola.

    • by jnork (1307843)

      I've got my home network set up to bypass my ISP's mediocre servers and use the fastest public DNS servers I could find.

      Of course I also checked all our computers before D-Day happened. They were clean.

      But my ISP doesn't get to decide how my DNS queries resolve.

  • It's cheaper to keep it broken than to get customers to go fix it. Duh.
  • by hemo_jr (1122113) on Friday July 13, 2012 @06:54PM (#40644579)

    Just shows that the Internet can take care of itself, and government meddling is not needed.

  • DNSSEC-enabled stub resolvers on the client and/or browsers would have stopped this from ever becoming a problem. Of course, the bad guys would have just disabled this feature and/or replaced the root key on the clients, if they had access. However, it sounds like much of the time it was a vulnerable router that had the DNS settings changed. In this case, the clients would have detected false/forged DNS records and stopped the problems sooner.
