July 9th is being called “Internet Doomsday” by some security firms and trade magazines. Last year, the FBI arrested several people who were running an international scam. They used malware called “DNSChanger” to modify network settings on millions of computers worldwide; instead of going to local DNS servers, these infected systems went to rogue servers controlled by hackers who made an estimated $14 million from advertising revenue.
The servers were rendered harmless, but a lot of people are still unknowingly using them, so the FBI kept them running to give people time to clean up the mess. These servers will be taken offline on July 9th, so anyone still pointing to them on that date will have problems accessing Internet sites.
Last November, we featured an article that explained how domain name resolution works. The rogue DNS servers mentioned above took advantage of DNS redirection in order to draw traffic. Normally, your system has the address of your ISP’s DNS server, or the address of your company’s internal server. The DNSChanger malware would alter this setting to point to a network controlled by hackers, so instead of sending DNS requests to Comcast or Verizon, you’re sending them to a compromised server that may or may not give you what you wanted. Unless you went into your network settings and checked, you would have no idea that anything was different. Even if you did check, how would you know whether or not the numbers were correct? They’re just numbers, which by themselves don’t mean anything to most people.
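One way to answer that question on your own machine, shown here as an added example that is not part of the original article: pull the DNS server addresses out of your network settings and compare them against the known rogue ranges. The ranges below are placeholder documentation networks, so substitute the list published by an authoritative source. The sample inputs are constructed, and the function names are illustrative.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# ranges. Replace them with the list from an authoritative source.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_resolvers(text):
    """Return IPv4 DNS servers found in resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower().startswith("nameserver"):       # resolv.conf entry
            in_dns_block = False
            value = s[len("nameserver"):]
        elif "DNS Servers" in s:                     # first ipconfig DNS line
            in_dns_block = True
            value = s.split(":", 1)[-1]
        elif in_dns_block and s and ":" not in s:    # further servers, indented
            value = s
        else:                                        # any other setting
            in_dns_block = False
            continue
        for match in IPV4.findall(value):
            try:
                found.append(ipaddress.ip_address(match))
            except ValueError:
                pass                                 # e.g. 999.1.1.1
    return found

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in extract_resolvers(text)
            if any(ip in net for net in ranges)]

# Constructed sample inputs, not captured from a real system.
SAMPLE_RESOLV = "# constructed sample\nnameserver 198.51.100.7\nnameserver 10.0.0.1\n"
SAMPLE_IPCONFIG = (
    "   DHCP Enabled. . . . . . . . . . . : Yes\n"
    "   DNS Servers . . . . . . . . . . . : 192.0.2.53\n"
    "                                       198.51.100.200\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_resolvers(text)
        print(name, "->", "ROGUE: " + ", ".join(hits) if hits else "clean")
```

An empty result only means that none of the configured servers fall in the ranges you supplied, so the check is only as good as that list.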
Internet Service Providers typically have multiple DNS servers. If one goes down for any reason, another will take over. However, the entire cluster of formerly-rogue DNS servers will be taken offline July 9th, and there is no automatic failover. When someone on an infected system tries to go to Facebook, instead of their wall coming up, they will get an error saying that the site could not be found, because the system will no longer have a DNS server to look up where “www.facebook.com” is. Tech support lines will be flooded with people who suddenly can’t access the Internet, most of them assuming that it’s the fault of their provider.
Before that all happens, everyone should check their system to make sure they are clean. Here are two sites to visit: DNS-OK and The DNS Changer Working Group. DNS-OK is run by the FBI, and will run a quick check on your system to make sure it is set correctly. DCWG will not only tell you if you’re clean, but offer tips and links to fix the problem if you have it.
I urge everyone to check out one of those sites to verify that they were not affected. That goes for Mac users as well as those on Windows—gone are the days of sitting back and smugly saying, “I’m on a Mac, it can’t affect me.” WRONG—the past year alone has shown that we ARE vulnerable, if not by flaws in the OS, then by flaws in Internet clicking discipline. Check out your system before the deadline so you’re not dead in the water.