FBI Trades Malicious DNS Servers With Their Own


Today I learned that on March 8, 2012 the FBI will be shutting down some surrogate DNS resolvers, and that this could break the Internet for as many as 500 kilo Americans and many others around the world. These resolvers are configured on computers that have been infected with the DNSChanger virus.

Wait, what? Yeah, so this virus replaces the user's resolvers and points their DNS queries to malicious servers that return whatever results the operators want, for example pointing people to fake banking sites, fake webmail and so on. The difference from usual phishing is that the victim sees the correct URL in the address bar.

So then I searched a bit and found out that the FBI has chased down the bad guys and replaced the malicious servers with ones that provide true DNS results so that no users would be impacted; that was Operation Ghost Click.

The effect of this is that if you were infected, you probably still are. Indeed, those infected had no idea, because everything just continued functioning as usual. That was the goal, it seems.

The obvious question is, why didn't they just redirect users to a page that explains that their systems have been infected, the FBI just saved the day, and eventually add a few links to help the user find a fix for their systems? If I was a tiny bit paranoid I'd say it was a good opportunity to gather some user data... If I wasn't paranoid I would say that the "ruling class" is afraid of exposing their subjects to reality, fear of panic and all that stuff.