On July 9, the FBI finally pulled the plug on the temporary servers that kept computers infected with the DNSChanger Trojan online. Contrary to rumors of an internet doomsday, with millions of internet users predicted to go offline abruptly, only 210,000 IP addresses spread across the world were booted off the internet. Two things mitigated the damage to a large extent: the episode received widespread publicity, prompting many users to take cleansing measures, and some ISPs established their own DNS backup servers as a substitute for the FBI-supported one that was switched off.
But ISPs running substitute servers means that the threat posed by the infection still remains. Many security experts have strongly criticized this move as obfuscating the real issues and going for a short-term fix while ignoring the wider picture and the broader implications. The concern stems from the fact that DNSChanger is actually a secondary infection. The primary malware is TDSS, a botnet that instructed the machine to download DNSChanger; the primary malware still thrives on such infected systems and can still wreak havoc.
As with any other potent malware, cyber criminals are likely to recycle DNSChanger, and in such an eventuality, the computers that still depend on the temporary servers run by the ISPs not only become sitting ducks, but may also become projectiles that pass on the malware to other computers.
As some experts opine, people who disregarded repeated warning banners, AV warnings, phone calls from ISPs and other notification attempts probably deserve to be disconnected from the internet anyway!