When I was an exchange student in Japan, I met a girl from Estonia. That was the beginning and the end of my experience with Estonians… until I learned about the DNSChanger malware epidemic.
The Importance of Trustworthy DNS Servers
When you’re trying to go somewhere, you need to know how to get there — you need directions. Before the proliferation of GPS-enabled devices (but also after), seeking a native to ask for directions was as common as asking the time of day — despite the comic stereotype that men don’t ask for directions.
But establishing the authority of the source was second nature.
Social cues would tell you, on the fly, whether your source is giving you the truth, making something up because they are too proud to say that they don’t know, or intentionally giving you the wrong directions to lure you into a trap.
(As it turns out, due diligence is required on both ends of this information exchange.)
Traveling around the Internet is similar to a road trip. Your computer uses DNS servers to find directions on how to get from website to website.
The key difference is that there isn’t a clear way to judge the trustworthiness of the DNS servers. In fact, once the DNS settings are in place on your computer, it will blindly follow whatever directions those DNS servers send, regardless of whether they are correct or not.
DNSChanger Malware Exploits the Naiveté of Your Over-Trusting Computer
Cyber criminals discovered that by secretly changing the DNS settings on the computers of unsuspecting victims they could direct traffic to fraudulent websites and otherwise interfere with users’ web browsing. DNSChanger is the name of the malware (malicious software) used to change these settings.
Just like any other online device, computers affected by the DNSChanger malware ask for directions from DNS servers. The difference? Instead of asking legitimate servers for directions, they ask “rogue DNS servers” set up by the cyber criminals. These cyber criminals (from Estonia) set up a ring of these servers to handle the massive amounts of traffic from the users they were able to infect.
How successful were these Estonians? David Ulevitch, founder and CEO of OpenDNS, writes:
Some reports claim that more than half of the Fortune 500 companies showed signs of infection and it’s said that the Estonian crime ring operating DNSChanger profited $14 million in stolen funds.
Victims of this attack were not only unknowingly forced into helping the cyber criminals make $14 million, they also were subjected to an online world of risk and possible infection by other malware and viruses.
The FBI is Shutting You Down
The good news is that the FBI has discovered and stopped the cyber criminals, and they now have control of the rogue DNS servers. Now for the bad news: there are still millions of computers worldwide that are using these servers to surf the web. All of these infected machines will lose connectivity when the FBI shuts down this ring of servers on July 9, 2012.
Everyone who has not corrected their DNS settings by that time will be knocked offline.
Are You Infected?
The problem is that most of the people affected by the DNSChanger malware are completely unaware. Thankfully, there are some good people out there who want to make the Internet a better place for everyone. Two such companies — OpenDNS and CloudFlare — have teamed up to help Internet users.
Websites participating in this joint campaign (like us at SLeeAndTopher.com) will help identify machines using scripts from the DNSChanger malware. Users who are possibly infected will see this banner:
And then they will be directed to this page by OpenDNS.
Did You See the Banner?
If you came to our site and saw this banner, please take a look at the OpenDNS page and learn how you can correct your DNS settings before the FBI shuts down the ring of rogue DNS servers and kills your Internet connection.
If you didn’t see the banner — kudos! Your DNS settings are safe. But your friends and family may still be affected.
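For readers who would rather check their DNS settings directly, here is an added example (not code from OpenDNS, CloudFlare or this site) that reads the DNS servers listed in a resolv.conf-style file and flags any that fall inside a list of rogue ranges. The ranges and the sample file are constructed placeholders, since this post does not list the real rogue server addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# DNSChanger ranges: substitute the list published by the authorities.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf-style file, for illustration only.
SAMPLE_RESOLV_CONF = """\
# generated by a DHCP client
search example.test
nameserver 198.51.100.17   # inside a placeholder rogue range
nameserver 203.0.113.53
nameserver not-an-ip
nameserver 2001:db8::53
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            valid.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            malformed.append(fields[1])  # keep it: a broken entry is worth reviewing
    return valid, malformed

def audit_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Classify each configured resolver as 'rogue' or 'ok'; keep malformed ones."""
    valid, malformed = parse_nameservers(text)
    report = {"rogue": [], "ok": [], "malformed": malformed}
    for addr in valid:
        # Compare only against networks of the same IP version (IPv4 vs IPv6).
        hit = any(addr.version == net.version and addr in net for net in rogue_ranges)
        report["rogue" if hit else "ok"].append(str(addr))
    return report

if __name__ == "__main__":
    result = audit_resolvers(SAMPLE_RESOLV_CONF)
    for status, servers in result.items():
        print(f"{status}: {', '.join(servers) or '-'}")
```

On a Linux machine the text to audit would come from /etc/resolv.conf; other systems keep their DNS settings elsewhere, so the parsing step would need to change there.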
Erin Symons says
As always, an awesome post from you guys. Thank you so much for your support of this program. If you ever need anything from us, please feel free to give me a shout 🙂
Erin
SLee says
Thanks, Erin. We love what you guys are doing. Keep up the good work!