The DNS Changer Working Group took its DNS servers offline earlier today, and the
world didn't end. Isn't that great?
As PCMag.com reported earlier today, many
of the Internet Service Providers configured their own substitute DNS servers
and are continuing to work the problem. Major Internet providers like Comcast,
Time Warner Cable, Cablevision, and others, said they saw minimal impact from
DNSChanger. In fact, Comcast received a "minuscule number of calls,"
a spokesperson told PCMag.com.
"The FBI is out — and ISPs are
in," Mikko Hypponen, chief research officer at F-Secure, wrote on the News
from the Lab blog.
Having the ISPs step in makes a lot of
sense. The internet providers "have to start taking action earlier"
to protect consumers, as in most cases users rely on the ISP for
their DNS needs, Rapid7's Marcus Carey told Security Watch. "ISPs should
be proactive on this front, because at the end of the day they will have to
field the calls when users complain that their Internet has gone black,"
he said.
Shut It Down!
The decision to continue with the shutdown
of the FBI servers appeared to be a popular one, according to results of an
online poll conducted last week by F-Secure and posted by Hypponen. When asked
whether the FBI should be authorized to continue operating the alternate DNS
servers after July 9, an overwhelming majority, or 87 percent, said no. It was
"time for 'tough love.' Stop enabling the weak," the respondents
said.
That doesn't mean companies can get
complacent, as many of these infections were side effects of more serious
malware infections, Dan Brown, director of security research at Bit9, told
Security Watch. Companies should monitor their networks for DNS traffic going
to the expected IP addresses and be aware of what kind of traffic is entering
and leaving their environment.
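An added example (not from the article or anyone quoted in it) of the monitoring described above: it scans flow records and reports clients sending DNS traffic to resolvers outside an expected list. The resolver allowlist, the log format, and every address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the resolvers this network is expected to use
# (constructed values from the RFC 5737 documentation ranges).
EXPECTED_RESOLVERS = [ipaddress.ip_network(n)
                      for n in ("192.0.2.53/32", "198.51.100.0/28")]

# Constructed sample flow records: "timestamp src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
2012-07-09T08:00:01 10.0.0.11 192.0.2.53 udp 53
2012-07-09T08:00:02 10.0.0.12 203.0.113.7 udp 53
2012-07-09T08:00:03 10.0.0.12 203.0.113.7 udp 53
2012-07-09T08:00:04 10.0.0.13 198.51.100.5 tcp 53
2012-07-09T08:00:05 10.0.0.14 203.0.113.7 tcp 443
2012-07-09T08:00:06 10.0.0.15 203.0.113.99 tcp 53
malformed line
"""

def is_expected(dst_ip):
    """True if the destination is one of the expected resolvers."""
    return any(dst_ip in net for net in EXPECTED_RESOLVERS)

def unexpected_dns(flow_text):
    """Return {client_ip: {resolver_ip: count}} for DNS flows (UDP or TCP
    port 53) whose destination is outside the expected resolver list."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, proto, port = parts
        if proto not in ("udp", "tcp") or port != "53":
            continue  # not DNS traffic
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        if not is_expected(dst_ip):
            hits[src][dst] += 1
    return {src: dict(d) for src, d in hits.items()}

if __name__ == "__main__":
    for client, resolvers in sorted(unexpected_dns(SAMPLE_FLOWS).items()):
        for resolver, n in sorted(resolvers.items()):
            print(f"{client} sent {n} DNS flow(s) to unexpected resolver {resolver}")
```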
The latest statistics show about 50,000
impacted systems in the United States and 250,000 worldwide. Italy, India,
Germany, and Great Britain round out the rest of the top 5 countries with
DNSChanger. These five countries account for about 117,000 infected machines.
What Did We Learn From DNSChanger?
The actions taken by the FBI to ensure
victims don't lose internet access are unprecedented, Dave Pack, director of
LogRhythm Labs, told Security Watch. The coordination between the FBI and
private sector companies, funding to maintain alternative servers, and the
public outreach to notify end-users, showed the government was taking
post-takedown repercussions into account, he said.
"It will be
interesting to see the long-term impact of the DNS Changer malware incident and
if the FBI and other government agencies will take a more active role in
controlling the damage from potential attacks," Pack said.