First off, “Monday” would be 7/9/2012, and it might not happen at all depending on what the courts decide in an 11th hour appeal. However, if you are reading the gloom and doom articles about “The Malware Virus” or “DNS Changer” that will cut off millions of computers from the Internet on Monday July 9th and you are confused, read on.
Browser hijacking is nothing new. An infected computer is altered so that when a user enters an internet address they don’t go to that address, but to an address that the author of the infecting virus (malware) has chosen.
To understand this problem, you have to know a bit about how internet addresses work. Don’t be scared, I’ll hold your hand.
Computers on a network are not given addresses with names, only numbers. Almost everyone uses Google at the address google.com – but that’s not the site’s TRUE address, it’s true address is 22.214.171.124. But, who wants to run around saying “Visit 126.96.36.199!”, or print it on a business card?? No one. A DNS server is a server that holds these addresses. So, your web browser goes to a DNS server and asks “google.com?” and the sever says “GRYFFINDOR!” – No, it says “188.8.131.52″ whereupon your browser then seeks out THAT address and connects you.
Doubt me? Open a new tab (you are using the latest browser right?) and type in 184.108.40.206 and see what comes up. When you do, you’ll be skipping the DNS and going to the site directly. The hitch is that a site’s address may change over time, not a big deal, as the address in the DNS servers world wide will change too. A sort of “automatic forwarding”.
The problem here is that some clowns hatched a scheme to infecting your computer and make it use THEIR “DNS Server” to look up the IP address of the site you wanted to visit, and return a fraudulent result.
The FBI caught them, and then made this evil DNS server behave like a real DNS server and return correct results. Now millions of infected computers APPEAR to be ok, behaving as they should. Which would keep on working until someone unplugs those DNS servers and takes them offline.
The Courts have told the FBI to do just that. Pull the plug. Take the severs offline. And when that happens all those infected computers will be screaming for directions, trying to connect to a DNS server that isn’t there, the cyber equivalent of “We’re sorry, your call can not be completed as dialed”
I have no idea what the legal issues are surrounding this, but they ultimately don’t matter – once the servers are down, these computers will not be able to reach the net and most likely will need to be taken to some shop to be repaired.
You can check if YOU are going to be in trouble by going to http://www.dns-ok.us/ yes that is legit, it checks to see HOW you got there, and if you went via one of the “house broken” evil DNS servers or not.
Leave a Reply