DNSChanger Doomsday Threat Fizzled--Just as It Should Have

You might see the whole DNSChanger ordeal as overblown. On the other hand, the information campaign worked.
Jared Newman (PC World (US online)), 09 July, 2012 20:22

Now that the feds have cut the lifeline for Internet users infected by the DNSChanger malware, we find that the result of that action wasn't quite the "Internet doomsday" that some had predicted.

DNSChanger caused a panic because it was routing Internet traffic through rogue servers, which the Federal Bureau of Investigation seized and shut down in late 2011. The FBI was hosting surrogate servers to keep infected users online, but pulled the plug on Monday, forcing users to get clean or risk losing their connections.

But as of Sunday night, the FBI estimated that only 41,800 computers remained infected by DNSChanger, the Associated Press reports, and some Internet service providers are offering their own solutions to keep customers online. It's safe to say the cutoff day has been free of catastrophes. "We're not aware of any issues," FBI spokeswoman Jenny Shearer told the Boston Globe.

The Warnings Worked

In light of the aftermath--or lack thereof--you might see this whole ordeal as overblown. But there's another way to look at it: The information campaign worked.

As of February, half of all Fortune 500 companies owned computers infected with DNSChanger, and an estimated 350,000 computers around the world were still infected.

I first wrote about DNSChanger in April, but by then, the FBI's original cutoff date had already passed. A federal judge extended the deadline from March to July because not enough people were aware of the situation.

So the FBI stepped up its campaign, dramatic headlines ensued, and people started to pay attention. Stories written about DNSChanger got heaps of traffic, even outside the tech world. The story was covered on the radio and on television. It even passed one of my favorite litmus tests for whether a tech story has gone mainstream: My mother-in-law asked me about it.

Without that level of attention, more people might have lost their connections today, including employees at major corporations and government agencies. Of course DNSChanger fizzled; that was the point.

Still, I'd like to think the same effect could be achieved without inaccurate headlines claiming the sky was about to fall.
