Being the author of a mostly unknown home networking how-to book means that I have lots of insights into how people run their home networks. And even though the book is ten years old, some of the things I wrote about then are still very much current, such as keeping your computers secure from infection.
I was reminded of this situation this week with the news that the FBI has taken down one of the largest botnets in history. The crime ring, based in Estonia, managed to steal somewhere north of $14 million by infecting millions of computers. I wrote the story this morning for ReadWriteWeb and you can click on the link at the end of this piece and read more details as well as navigate to links where you can find out whether your computers are infected.
While it is great that the bad guys were apprehended, it was a somewhat bittersweet victory. Computer security vendors actually knew of their nefarious activities five years ago, when the DNSChanger exploit was first observed. And while you can fix a part of the problem, there is still no single simple method to disinfect your computers and routers from this scourge.
DNS refers to the Domain Name System, which was invented by Paul Mockapetris back in 1983, and he is still actively involved in selling DNS solutions today. (Paul and I served for several years together on the Interop conference advisory board, where I got to appreciate his rapier wit.) Everything on the Internet, whether it is a computer, a mobile phone, a router, or some mundane embedded device, uses DNS to translate an alphabetical domain address, like strom.com, into its numeric IP address, the collection of digits that we ran out of assigning earlier this year.
The nasty brilliance of the Estonian DNSChanger exploit was that it replaced the DNS settings of your computers – both Macs and Windows – along with common home routers. This meant that when you tried to go to certain Web destinations you would be directed instead to a phony one, or served up phony ads on legit sites. That is how they collected so much money, one click at a time.
If you bought a Linksys or D-Link or Netgear router and didn’t change its default password when you set it up, you should stop reading right now and rectify that situation.
Over 100 servers were located in data centers in New York and Chicago to handle the phony DNS queries. (So much for that shortage of IP addresses.) The FBI has published a list of these IP addresses, and you can check against that list (or use a Web form that they have set up) to see if your network has been compromised.
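The check described above, as an added example that is not part of the original post: it reads the nameserver lines from a resolv.conf-style file and reports any resolver that sits inside a flagged address range. The ranges and the sample file below are constructed placeholders; substitute the FBI's published list for your own check.

```python
import ipaddress

# Placeholder ranges standing in for the FBI's published rogue-resolver
# blocks (constructed; taken from the reserved TEST-NET documentation space).
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),  # placeholder, TEST-NET-2
    ipaddress.ip_network("203.0.113.0/24"),   # placeholder, TEST-NET-3
]

def parse_resolvers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip malformed addresses rather than crash
    return servers

def rogue_resolvers(servers, ranges=ROGUE_DNS_RANGES):
    """Return the subset of servers that fall inside a flagged range."""
    return [s for s in servers if any(s in net for net in ranges)]

def check_resolv_conf(text, ranges=ROGUE_DNS_RANGES):
    """Parse the text and return flagged resolver addresses as strings."""
    return [str(s) for s in rogue_resolvers(parse_resolvers(text), ranges)]

# Constructed sample: one normal home-router resolver plus one address
# that sits in a placeholder rogue range, as a hijacked host would show.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 203.0.113.77   # constructed: inside a placeholder rogue range
search home.lan
"""

if __name__ == "__main__":
    hits = check_resolv_conf(SAMPLE_RESOLV_CONF)
    if hits:
        print("Rogue DNS server(s) configured:", ", ".join(hits))
    else:
        print("No configured resolver matches a flagged range.")
```

On a live machine, pass the contents of /etc/resolv.conf (or the DNS servers shown by your router's admin page) to check_resolv_conf instead of the sample.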
If you are mucking about with your network’s DNS, now would also be a good time to use a more secure DNS provider, such as OpenDNS.org. It is free and will speed up your Web browsing too.
Feel free to post comments on my RWW story too if you are so moved.