On 2/18/2012 5:26 AM, Dale wrote:
> Howdy,
>
> I ran across this and thought it was a joke. Did a news search and sure
> enough, it is reported in lots of places. Random linky:
>
> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
>
> Is there any truth to this mess? My bigger and better question, how is
> shutting down the internet going to fix this? When the net comes back
> up, they are still going to be infected. Right?
|
As usual, the headline has things completely backwards; if
you actually read the article and ignore the headline you
will get something closer to reality:
|
* There is a fairly large botnet that works by hijacking the
DNS settings of the machines it infects, and redirecting
them to rogue DNS servers.
|
* The rogue DNS servers resolve all DNS requests by
returning the IPs of various scam sites etc. that the botnet
owners get paid for.
|
* The FBI and the Dutch national police stepped in and
arrested those in charge of the botnet.
|
* 120 days ago -- Nov 8 -- they dismantled the botnet's core
network and replaced the rogue DNS servers with legitimate
ones serving legitimate DNS zone information.
|
* On March 8 the FBI will turn off their stand-in DNS servers.
|
If you aren't infected by this botnet you won't notice
anything. If you are still infected by this botnet your DNS
servers will vanish (and, in theory, someone could step in
and replace them, depending on what happens to the allocated
IPs).
|
--Mike |