Vixie warns: DNS Changer ‘blackouts’ inevitable

Florian Weimer fw at deneb.enyo.de
Mon May 28 19:56:34 UTC 2012


[Dnschanger substitute server operations]

> One thing is clear, Paul is able to tell a great story.

PR for ISC is somewhat limited, it's often attributed to the FBI:

| The effort, scheduled to begin this afternoon, is designed to let
| those people know that their Internet connections will stop working
| on July 9, when temporary servers set up by the FBI to help
| DNSChanger victims are due to be disconnected.

<http://news.cnet.com/8301-1009_3-57439407-83/google-will-alert-users-to-dnschanger-malware-infection/>

| The FBI has now seized control of the malicious DNS servers, but
| countless computers are still infected with the malware.

<http://www.h-online.com/security/news/item/Google-warns-DNSChanger-victims-1583037.html>

| The malware is so vicious — it can interfere with users' Web
| browsing, steer them to fraudulent websites and make their computers
| vulnerable to other malicious software — that the FBI has put a
| safety net of sorts in place, using government computers to prevent
| any Internet disruptions for users whose computers may be infected.

<http://www.technolog.msnbc.msn.com/technology/technolog/infected-users-get-legit-warning-about-july-9-internet-doomsday-751078>

(I'm just quoting what I found.  Some of the linked articles
contain bogus information.)

In any case, this isn't what bugs me about the whole process.  I don't
like the way this is implemented—mainly the use of RPZ, but there are
other concerns.  The notification process has some issues as well, but
it's certainly a great learning exercise for all folks involved with
this.  To me, it doesn't really matter that Dnschanger is fairly minor
as far as such things go.  Hopefully, the knowledge and the contacts
established can be applied to other cases as well.



