Will the FBI Shut Down My Computer on March 8? Questions and Answers
To clear up the misunderstandings about this problem, here is a list of frequently asked questions.
Will I lose Internet access on March 8?
Probably not. But to be sure, point your Web browser to http://dns-ok.us/ to find out. If you see green, you're fine.
What if I see red?
Then you've got a problem. The first thing to do will be to change some technical settings on your computer. Click here for instructions on how to do so. That will make sure you still have Internet access when the fateful day comes.
The second thing to do will be to update and run strong anti-virus software that will clean up your machine, because these particular malware infections are pretty nasty. You'll probably have to pay for the software. Here's a list of recommended anti-virus software.
I'm using a Mac. Do I need to worry?
Yes. There are many forms of malware involved, and some affect Macs as well. Here's a list of Mac anti-virus software.
Any chance the deadline will be extended beyond March 8?
Yes. The government has asked a judge to extend it to July 9 — you can read the motion here — but many security professionals would like to stick to the original deadline.
Why? That seems awfully mean.
It's not really. The infected computers have to be cleaned up sometime, and it might as well be sooner rather than later.
But I'm only hearing about this now!
The mainstream press started reporting on this last week. In any case, you've still got time to fix the problem.
I'm still confused. What exactly happened?
(Deep breath.) For about five years, a cybercriminal ring based in Estonia ran a "clickjacking" scam that paid it every time people clicked on online ads it had placed. To boost revenue, the gang used various kinds of malware to infect millions of computers worldwide.
I don't get it.
Follow me here. The malware changed the infected machines' settings so that people searching for various things online would be redirected to webpages that the criminals controlled, and on which the criminals had placed the ads that made them money. Here's a YouTube video that shows how it worked. (Despite what happens in the video, the malware affects Firefox too.)
So what's wrong with that?
It doesn't sound so bad at first, but the gang defrauded online ad-placement companies of about $14 million over five years. Even worse, the gang's malware often disabled anti-virus and operating-system updates on the infected computers, leaving them vulnerable to other kinds of infection.
Wow. How many people were affected?
About four million computers were infected worldwide, including about a million in the U.S. The FBI explains it all here.
How did the malware infect computers?
Through "drive-by downloads" from infected Web pages, and through Trojan horses such as phony online-video software downloads.
How many people are still infected?
We don't know for certain. One estimate is that 500,000 U.S. users could lose Internet access on March 8. Another oft-cited figure states that half of the Fortune 500 companies have at least one infected computer, but if you read between the lines that could mean as few as 250 PCs.
I still don't get it. How did the infection affect Internet access?
When you type in a Web address, your computer doesn't actually understand what you're asking for. Instead, it looks up what you typed in on what's called a Domain Name System server, which tells your computer where to go. Most computers use the DNS server supplied by their Internet service providers.
I'm lost already. DNS what?
Think of a DNS server as a phone book that every Internet service provider has a copy of.
Okay. So the bad guys changed the phone books?
Exactly. And the fake phone books took infected computers to rogue websites where the bad guys put up ads.
Will this affect email as well?
Yes. DNS servers also translate Internet addresses for email software.
So what does the FBI have to do with this?
The Estonian gang was finally busted in early November of last year in what was called "Operation Ghost Click." Here's the indictment if you want to read it.
The FBI shut down the rogue DNS servers — there were about 100 of them — but in order to keep all those infected users online, it got a court order to keep the fake phone books in place for another four months.
And that court order expires March 8?
Bingo.
So what happens then?
The fake phone books get taken offline and, because they'll no longer be able to translate Web addresses, so will all the infected machines still relying on them.
Why can't the FBI just keep them up longer without a court order? After all, they're part of the government.
The FBI isn't actually running those servers. That's being handled by a non-profit company in Silicon Valley which isn't in the business of law enforcement, and it doesn't want to step into murky legal territory.
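For readers who want to see what the "technical settings" check amounts to, here is an added example (not part of the original article, and not the dns-ok.us or FBI tooling): a Python check of the DNS servers a machine is configured to use against a list of rogue ranges. The ranges below are documentation placeholders, not the real rogue-server addresses, and the function names and sample settings are constructed for illustration.

```python
import ipaddress

# PLACEHOLDER ranges (reserved documentation blocks), not the real rogue
# DNS ranges. Substitute the ranges published by the FBI before relying on it.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "2001:db8:bad::/48")]

# Constructed sample settings in resolv.conf format.
SAMPLE_INFECTED = "# constructed sample\nnameserver 192.0.2.53\nnameserver 198.51.100.1\n"
SAMPLE_CLEAN = "nameserver 198.51.100.1\nnameserver 2001:db8:1::53\n"


def parse_nameservers(resolv_conf_text):
    """Return the DNS server addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: ignore rather than crash
    return servers


def check_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return ('red', offenders), ('green', []) or ('unknown', [])."""
    servers = parse_nameservers(resolv_conf_text)
    if not servers:
        # No usable setting found: report that instead of a false 'green'.
        return "unknown", []
    hits = [str(s) for s in servers
            if any(s.version == n.version and s in n for n in rogue_ranges)]
    return ("red" if hits else "green"), hits


if __name__ == "__main__":
    for name, text in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, check_resolvers(text))
```

A single rogue entry is enough for "red", even when the other configured servers are legitimate.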