No web meltdown, no manic Monday

0

Tweet

If you're spooked by news reports of a major internet outage on July 9, Monday, don't be. According to the working group that's been tracking the specific viruses in question - only 21, 302 Indian computers have been infected. (http://www.dcwg.org/2012/). In a nation with more than 120 million Internet users, that's hardly more than a drop in the ocean.

The bugs in question are DNS changing viruses - they've been variously called TDSS, Alureon, TidServ and TDL4 viruses. What they do is force your computer to go to unauthorised servers that cyber-criminals have set up - which can then rob you of your web passwords, empty your bank account, or simply show you spurious results every time you search for information on Google.

What's DNS? It's short for Domain Name Server. When you type in a web address like www.facebook.com or www.gmail.com into your browser, you're typing in English alphabets. But computers don't understand alphabets - they only understand numbers. Every website is hosted on servers with a specific address - an Internet Protocol (IP) address - which is a unique set of numbers.

DNS servers are intermediaries between your computer and the website you're trying to access. They have a huge list of website names and the unique IP addresses for each of them. When you look for www.facebook.com, the DNS server accepts your request, matches the name against the number and forwards your request to the servers that host Facebook.

The address for the DNS server itself, is filled into the settings in your PC's web router/modem. What viruses like TDL4 do, is erase that address and replace it with another one - which points to the bad guys server.

The Federal Bureau of Investigation (FBI) discovered a long time ago that cyber-criminals had infected thousands of computers in America and the rest of the world. They also realised that suddenly shutting down the criminal servers all these computers were being directed to, would mean a lot of innocent people would suddenly lose their internet connection completely.

So the FBI got a private company to set up two new, clean servers - to point all those computers back to the real websites they actually wanted to visit. In the meanwhile, cyber security organisations in every country and sites like Facebook and Google put out repeated warnings - asking people to check and purge their computers of infections.

Many people heeded those warnings. Others didn't. On Monday, those temporary, clean servers that allowed infected PCs to safely connect to the web will be shut down. Infected computers will no longer be able to access the internet.

The good news is - it's very easy to set things right. To automatically scan if your computer is infected, simply go to http://www.dns-ok.us/. The site flashes a green icon if your PC is clean and a red warning if it's been compromised. To clean your infection, head to http://www.dcwg.org/fix/ and follow all the steps listed there. It's a lot of work but it's worth it. (You could ask a systems engineer to do it for you to.)

Why have only 21,302 computers been infected in India so far? We must have been lucky. Because hardly anyone in India regularly updates their anti-virus software or gets the latest version of web browsers like Firefox, Chrome and Opera. Those measures can greatly reduce your risk.

CERT-IN, or the Computer Emergency Response Team of India might also have played some role. They pro-actively sent out a warning to all public sector units and government organisations, with instructions on how to set things right. One wonders if they could have done just a wee bit more to help ignoramuses like me - by making the detection and cleaning of these viruses a bit more simple.

While we might have escaped Internet Armageddon this time - there's lots to suggest we have a long, long way to go in cyber protection. Industry insiders told me all Indian Internet Service Providers (ISPs) like BSNL, Airtel etc are fairly lackadaisical about security.

An international body called the Internet Assigned Numbers Authority (IANA) has guidelines which say the DNS servers of all Internet Service Providers (ISPs) should be restarted and re-synced every twenty four hours. That helps weed out a lot of stray malware coursing through the system. But Indian ISPs take between 48 hours to 7 days to do the job - allowing ample time for bad guys to do their job.