Thousands of users around the world are likely to lose internet access on Monday thanks to a virus called DNS Changer – how bad could things get, asks Matt Warman.
As viruses go, DNS Changer appeared fairly harmless – initiated in 2007, it simply generated fraudulent clicks on adverts, and made its Estonian creators something under £10million. Infected computers accessed the web slightly more slowly, but their users could be forgiven for not even noticing they had a so-called “botnet infection”, let alone realising that they were aiding a criminal gang.
In shutting down the virus, however, the FBI opened a can of worms that reveals what one analyst calls “a weakness in the internet’s infrastructure”. Dan Brown, director of security research at web firm Bit9, says that, worse still, the FBI’s “band-aid approach” mirrors how security as a whole has evolved on the web. “Generally,” he says, “it has preferred band-aids over real solutions”.
The problem arises because DNS Changer alters the directory that tells a computer the digital address to which intelligible sitenames refer: so rather than Amazon.co.uk leading you to the online bookshop, it redirects you to a fraudulent site, derives revenue from the invisible click and then passes you on to where you wanted to go. The FBI’s solution was simply to replace the criminal server, to tell people that something was wrong and to keep passing the traffic through. Now, however, it says that it can’t spend endless taxpayers’ money on maintaining that server. When it turns it off on Monday, some 350,000 people will lose their connections, of whom around 20,000 live in Britain.
“Security was not paid a great deal of attention while the Internet was first forming,” says Brown. “Now, years later, we’re stuck with the bill. It’s long been known what the fix for this particular problem is, but like kids eating vegetables, it’s something we put off as long as possible.”
It’s extremely unlikely that this could ever be repeated on the grand scale that would be required to make a major difference to the internet as a whole; but it is possible that the constant cat and mouse game of viruses versus security experts continues to cause a number of small problems that all add up to a decent-sized headache. Even Apple has recently dropped the claim that its computers are immune from viruses. But nonetheless, the distributed nature of internet infrastructure lends itself to a secure, resilient network.
It’s worth emphasising, too, that those 500,000 affected by DNS Changer represent just a very tiny percentage of the 2 billion currently online. Even so, many of the owners of the 350,000 computers currently infected won’t know until Monday. And although the infection is preventable by any standard security software, there are still many users who aren’t sufficiently computer savvy to know how to keep themselves safe online. The “DNS Checker Page” allows users to see if they have the virus and to remove it, and has been largely responsible for the fall in the virus’s prevalence.
Brown suggests users should also limit future damage by using their computer’s “Guest” account for general surfing, so that any potential malware infections are confined and won’t have the ability to compromise individuals’ personal and sensitive data. But of course that would also deprive them of a host of the increasingly personalised features of modern computing. “Affected users will largely be relying on their ISPs or their technically-inclined nieces and cousins to help them figure out why they suddenly can’t access the Internet on July 9,” says Brown. For many, that basic technology advice is what keeps their increasingly vital computers online. In the future, more education than ever will be needed.