Monday, July 9, 2012

Did anyone lose internet access?

I assume that since you are reading this, you still have access to the internet and are not one of the estimated 4 million computers impacted by those nasty little Estonians two years ago.

Seems that these five or six guys from some country called Estonia or Elbonia or whatever created a script that modified the DNS entry on any computer that activated their script. For those of you with little or no understanding of the internet, DNS is Domain Name Services and it's basically the "Phone Book" for the internet.

If you are interested in the whole story, feel free to read on. Otherwise, scroll down to today's links.

...

Still here? Okay then, let's get started:

When you type "www.wastesometime.com" into your web browser, your computer has no idea where "www.wastesometime.com" lives. All it knows is that you want to waste some time.

Your computer finds out where to go by first talking to a Domain Name Server (DNS) at your Internet Service Provider.

That DNS server then goes and talks to another DNS server that contains all of the domain names for the ".COM" top-level domain.

The top-level domain server tells your computer the address of the DNS server for the domain "WASTESOMETIME". Once it knows that, your computer then asks the DNS server for "WASTESOMETIME" for the address for the "WWW" server at "WASTESOMETIME.COM".

When all is said and done, your computer knows that the "WWW" server for "WASTESOMETIME.COM" resides at 204.13.162.123 and asks that server to please provide the webpage.

So anyways, those crazy Elbonians figured out that there is a way to tell your computer to use their Elbonian DNS servers to get your information instead of your ISP's DNS address. That "redirection" meant that the Elbonians could now direct your computer to whatever server they wanted to.

If you typed "WWW.MICROSOFT.COM" into your browser, the Elbonian server might return an address that directed your computer to open a web page on the "WWW.HEREISSOMEPORN.COM" server. Or it might open a page that looked just like the Microsoft web page but contained some hidden code that took control of your computer and used it to send out those millions of Cheap Viagra/Breast Enhancement/Rolex Watches/Meet Christian Singles email messages that are constantly ending up in my inbox.

Or even worse, if you type "WWW.MYBANK.COM" into your browser, expecting to connect to your bank, you might be redirected to a web server that presented you with your bank web page but captured all of the information you typed. That meant the Elbonians would now have your bank account information, including the password you use to log in.

So anyways, the FBI managed to find and catch the weaselly little Elbonians, but when they discovered that over 4 million PCs had been compromised, they figured they should do something to prevent everyone from losing internet access.

They decided to replace the Elbonian 'What DNS servers? We don't have any DNS servers. Oh, those DNS servers. We don't know nothing about those DNS servers.' DNS servers with shiny new FBI 'Trust us, we're not evil like the Elbonians. We're from the government!' DNS servers.

Well, last night around midnight, the FBI shut down its non-evil servers. This caused anyone still infected by the Elbonians to suddenly stop getting address information about the internet. And, as I just explained, if you don't have address information, you can't get what you want.

Sucks to be them...

*

Here are today's links:

