FBI takes out $14M DNS malware operation - coondoggie
http://www.networkworld.com/community/blog/fbi-takes-out-14m-dns-malware-operation

======
codezero
"Users involuntarily routed to Internet ads may well have harbored discontent
with those businesses, even though the businesses were blameless."

I have a hard time believing the businesses were completely blameless, if they
made little to no effort to vet the services they purchase. Chances are the
prices were low enough for them not to ask many questions.

~~~
sanswork
I've been on the receiving end of this. Though maybe a different group. The
attacker was redirecting users to my pages with their ads. All complaints were
then directed to us. It's not a fun place to be in, having to explain to a bunch
of angry people that yes it's your site but it's not really your site.

~~~
codezero
Thanks for clarifying, I probably just don't quite understand how businesses
went about being duped.

~~~
bluedanieru
I don't think they were duped at all. From what I can tell from the article,
this is malware pointing machines to a bogus DNS server, not businesses using
a shady registrar. There is little an affected business could do about it. I'm
not sure if sanswork is describing the same thing but he could be.

------
Groxx
> _As part of a federal court order, the rogue DNS servers have been replaced
> with legitimate servers in the hopes that users who were infected will not
> have their Internet access disrupted, the FBI stated._

I don't know if that's really the best solution. It's likely exposing more
security holes in whatever machines it's on - breaking their connection might
actually help them (or re-routing to an info page), rather than keeping them
in the dark.

------
simmons
Whoa... I recently observed this very scam while using the network at a local
coffee house. The interesting thing was, it wasn't an end-user computer that
was infected -- their router had been reprogrammed to direct users to this DNS
server in Russia.
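The mechanism bluedanieru and simmons describe (malware, or a reprogrammed router, pointing clients at a rogue resolver) is something a defender can check for from the victim side. The Python below is an added example written for this thread, not code from the article or from any commenter; the resolver allowlist and every address and DNS answer in it are constructed placeholders from the RFC 5737 documentation ranges.

```python
"""Checks for a hijacked DNS configuration: (1) are the configured resolvers
the ones we expect, and (2) do answers from the configured resolver agree
with a trusted resolver's answers for a few well-known names?
Added example for this thread; all addresses below are constructed
placeholders from the RFC 5737 documentation ranges."""
import ipaddress

# Placeholder allowlist: replace with the resolvers your ISP or network actually assigns.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed resolv.conf text from a host whose settings were rewritten.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
nameserver 203.0.113.7   ; not a resolver we hand out
nameserver 192.0.2.53
search corp.example
"""

# Constructed answers: what a trusted resolver returns for a few names...
TRUSTED_ANSWERS = {
    "bank.example": "198.51.100.10",
    "search.example": "198.51.100.20",
    "shop.example": "198.51.100.30",
}
# ...versus what the host's configured resolver returned (two names sent to one ad host).
CONFIGURED_ANSWERS = {
    "bank.example": "198.51.100.10",
    "search.example": "203.0.113.99",
    "shop.example": "203.0.113.99",
}


def parse_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed address: skip it rather than crash
    return servers


def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Resolvers outside the allowlist: the footprint DNS-changing malware leaves on a host."""
    return [s for s in servers if s not in expected]


def diverging_answers(configured, trusted):
    """Names whose configured-resolver answer differs from the trusted answer.
    This is the check that catches the router case: the host only sees the
    router's own address as its resolver, so the allowlist check passes, but
    the answers the router forwards back still disagree with a trusted resolver."""
    return sorted(name for name in trusted if configured.get(name) != trusted[name])


def audit(resolv_conf_text, configured, trusted):
    """Run both checks and return the findings as a dict."""
    servers = parse_resolv_conf(resolv_conf_text)
    return {
        "resolvers": servers,
        "unexpected_resolvers": unexpected_resolvers(servers),
        "diverging_answers": diverging_answers(configured, trusted),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESOLV_CONF, CONFIGURED_ANSWERS, TRUSTED_ANSWERS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In practice the `CONFIGURED_ANSWERS` and `TRUSTED_ANSWERS` dicts would be filled by querying the host's resolver and a resolver you control for the same names; keeping them as constructed data here lets the logic run offline. The two checks are deliberately separate because the first one says nothing when the hijack lives in the router rather than on the host.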

------
cheald
This is precisely why PROTECT-IP and E-PARASITE are horrible ideas. We need
DNSSEC, and legislative efforts that'd work against it are just going to
enable this sort of criminal activity to continue.

I hope that legislators connect the dots.

~~~
tptacek
I don't understand what any of this has to do with DNSSEC. DNSSEC is a dubious
idea; its core value proposition is to turn DNS registrars into CAs. If we had
DNSSEC 5 years ago, Ghadafi's Libya could have controlled Bitly's TLS key.

I also don't see what an FBI malware bust has to do with E-PARASITE, but I
don't care at all about E-PARASITE in any direction, whereas I do care about
DNSSEC, which I think could actually fuck up the Internet.

~~~
marshray
_Ghadafi's Libya could have controlled Bitly's TLS key_

A. Hosting important stuff under TLDs controlled by unstable, unfriendly
governments is a dumb idea any way you slice it.

B. Ghadafi's Libya did control bit.ly. Libya still does, until such time as no
one will talk to it without properly-authenticated TLS.

C. TLS keys are not part of DNSSEC. Some people are proposing that idea, but
it's not clear if whatever might get adopted could actually usurp a decent
CA-signed cert served over HTTPS. It looks far more likely that CA pinning in
HSTS is going to be deployed much faster than anything over DNSSEC.
