back to article Two weeks 'til the internet disappears, for 58 Fortune 500 companies

Even though the DNSChanger safety net deadline expires in just two weeks, 12 per cent of Fortune 500 firms still have at least one infected machine on their network, according to a new survey. DNSChanger screwed up the domain name system (DNS) settings of compromised machines to point surfers to rogue servers, redirecting …


This topic is closed for new posts.
  1. pixl97

    Headline maddness.

    Revised headline...

    "Two weeks till a few computers at 58 fortune 500 companies can't resolve domain names."

    Sounds pretty lame when you say it the way it is. Hopefully the computer not being able to get online will cause someone to fix the virus infested plauge spreader, maybe clean up some other more active infections too.

    1. leexgx

      Re: Headline maddness.

      why cant they just set the DNS server to point all DNS query's to an web site that states there pc has an DNS changer malware on it and Tell them to contact there local Admin or computer shop to clean the PC

      its really not that hard to do

      1. Soruk

        Re: Headline maddness.

        Because if they did that, guess what would happen if they tried to download virus updates and clean-up tools.

      2. Dale Richards

        Re: Headline maddness.

        World Wide Web != Internet

        1. Stuart Castle Silver badge

          Re: Headline maddness.

          While it is true that "World Wide Web != Internet", ALL internet access protocols use DNS at some point (unless you just use the IP), so with DNS problems, the Internet (and not just the web) does go dark

      3. Goat Jam

        Re: Headline maddness.

        there != their != they're

        its really not that hard to do

        1. RHSquared

          Re: Headline maddness.

          its != it's

  2. Antidisestablishmentarianist


    That is all

  3. Anonymous Coward
    Anonymous Coward

    So 113 computers lose internet connectivity...

  4. Anonymous Coward
    Anonymous Coward

    Internet disappears!

    Damn. I suppose we'll just have to get some work done.

    1. Ken21
      Thumb Up

      Re: Internet disappears!

      My thoughts exactly!

  5. ken jay

    remind you of y2k bug lol

    any self respecting system admin that has servers go dark deserves to work at mcdonalds in my opinion i dont know whats scarier, the reg posting scare-ware stories or the dns changer malware.

    1. Ken Hagan Gold badge

      Re: remind you of y2k bug lol

      I don't read this as a scare story. Since there are no ill-effects beyond the mal-administered networks, the story is more of a "Good grief! 58 *Fortune 500* companies are lame enough that they haven't dealt with this yet. What cretins! Let's lay in supplies of popcorn and enjoy the show.".

    2. Anonymous Coward
      Anonymous Coward

      Re: remind you of y2k bug lol

      I wouldn't be as lenient. I'd make them EAT at McDonalds.

    3. Marty

      Re: remind you of y2k bug lol

      " remind you of y2k bug lol "

      you know that sort of poke does annoy me....

      from 1996 right up to and after y2k we worked our ass's off getting every machine we were responsible up and ready for the y2k swcrew up. up and down the country, and worldwide, IT departments scrambled and sweated to make sue there was no y2k bug to cause trouble... and guess what? all the work paid off. planes did not fall from the sky, boats did not crash into harbours, the nuclear arsenal didn't launch itself, reactors didn't go into meltdown,

      Y2K WAS a serious problem, but for all the effort, nothing major (or even minor) went wrong... and what happened? we get a load of stick from nobs who dont have a clue, because we fixed a problem,

      we couldn't win.... if we didnt fix the problem, we would have got shit, we fixed it and still got shit....

      1. Destroy All Monsters Silver badge

        Re: remind you of y2k bug lol

        Come on now. These youngsters know nothing. Let them make cynical noises from the idiot corner, install random apps from Facebook and get plastered on weekends.

        I always wondered who the hell makes up the demographic expressing "high consumers confidence" in the government statistics.

      2. Steve Knox

        Re: remind you of y2k bug lol

        The problem with the hype about the y2k bug is evidenced in your post:

        planes did not fall from the sky, boats did not crash into harbours, the nuclear arsenal didn't launch itself, reactors didn't go into meltdown

        Exactly zero of those was a likely consequence of the y2k bug. The most likely consequences were services (such as electricity, gas, etc.) being shut off due to date-related billing errors -- and there were a few of those.

        The bug was serious, and a lot of people worked hard to fix it, including myself. But it was overhyped, and it existed solely because our industry failed to plan properly to begin with. We made big mistakes in the decades leading up to the nineties and then scrambled to fix them, and for the most part we did.

        Would you give a surgeon an award for removing a scalpel he left in the patient earlier? Would you award a General who came up with a masterstroke in a war, which was only still happening because he screwed up strategically earlier on? How about a football player who wins the game in the last minute with a goal that offsets an own-goal he made in the first minute?

        If we didn't fix the problem, we'd have been rightly hated as the incompetents we would have been, When we did fix the problem, we got a sigh of relief, and some of us got bonuses we didn't deserve. What we deserved was a "Now, don't do it again!"

        1. Johan Bastiaansen

          Re: remind you of y2k bug lol

          "Now, don't do it again!"

          But we are doing it again, aren't we? And not only in IT. I've been invited to meetings where even the month wasn't mentioned. Like in "can we meet the 17th, or do you prefer the 3rd?"

          Always from the deep thinkers off upper management of course.

        2. Anonymous Coward
          Anonymous Coward

          Re: remind you of y2k bug lol - Consequences Worse Than You Thought

          In my Y2K testing, I found an error in a terminal emulator, which, unremediated, merely displayed the date incorrectly. Minor stuff.

          A different branch of our IT department was testing a commercial medical database application we were running. The vendor swore up and down they'd tested their app, and that it was Y2K-compliant. The vendor lied, or was grossly incompetent. During our testing, when the date changed to March 1, 2000, the application deleted the previous month's drug information from the (test-data-)patients' records. Major stuff.

          When people in the halls groused about the money we were "wasting" on Y2K, I'd tell them, "It's better to spend the time than to have someone die."

          A co-worker finally pointed out to management that all the money we were spending on Y2K testing and remediation would be a drop in the bucket compared to what we'd lose in a single lawsuit, after which they quit bitching to us about Y2K-related overtime hours.

          And no, there wouldn't have been any Y2K-related overtime if management had listened to us and put us to working on the problem before June, 1999.

        3. Marty

          Re: remind you of y2k bug lol

          "The bug was serious, and a lot of people worked hard to fix it, including myself. But it was overhyped"

          I was being a little sarcastic over planes falling out of the sky and ships crashing into harbours...but, it was serious, and it wasn't over hyped....

          There was not enough attention paid to other 2k dates. Most people only went on about 1/1/00, but there were other significant dates that caused problems...

          personally, I worked in several of the nuclear plants in the UK on y2k testing and replacement of hardware. There were some old computers scattered about that did nothing but churn out logs, but when other equipment was reading those logs and reacted to them. testing showed that at midnight on 1/1/00 the halt of correctly timed logs would prevent the start up of a secondary power generator, on a redundancy power supply. (IIRC). It would take a whole series of things to screw up, and nobody available to intervene, but power to a coolant gas circulation system could have been lost to the AGR...

          was a meltdown possible... yes...was it likely, no. But if you put all the minor little failures together, all at one time, a disaster was possible as staff would have been running around like lunatics trying to fix stuff.....

        4. Cpt Blue Bear

          Re: remind you of y2k bug lol

          I don't buy that. Sure it was overhyped, but it was not a self inflicted wound.

          Not one Y2K job I was involved with was on a system less than 8 years. Several were obsolete when they were installed in the early '90s. I seriously doubt anyone writing, building or installing those systems thought they'd still be in use at the end of the 20th century.

          1. J P

            Re: remind you of y2k bug lol

            My father used to write OSs for IBM mainframes (cue anecdotes about machines the size of our lounge with the computing power of a musical greetings card etc) and while those 2 bits were important back then, I clearly remember him commenting how he couldn't believe no-one had ever bothered to fix it once megabytes of storage became common place. Last time he bought a hard drive, and that was a couple of years ago, he paid £80 for a lump of storage which would have cost £19m _to rent for a week_ when he started programming...

        5. Graham Bartlett

          Re: remind you of y2k bug lol

          Not quite.

          All that software was adequate for when it was originally written, and its intended lifespan. No-one expected any of these dinosaur Cobol programs to still be limping along in the year 2000. And back when a lot of that code was written, saving 2 bytes per data record was a *BIG* deal. As in multi-million-dollar big. Storage was *EXPENSIVE*. (Yes, I'm getting shouty. If you don't appreciate the reason for the problem existing, you don't deserve to comment on the problem.)

          Of course there will have been some muppet VB coders who hacked up something quick and dirty like 'date_string = "19" + year' But the big beasts, the ones that mattered, were the ones which everyone had fully expected to be replaced by ten years after they were written. Except that they carried on working, and no-one ever got round to it, and the people who knew there was a problem were either retired, working elsewhere, or if still there had their requests to fix it "deprioritised". Our "industry" was shouting about it well ahead of time, but unless the money-men release the purse strings, there's sod all you can do about it.

          If you want an analogy, try cancer treatment. Standard treatment used to be whacking great doses of X-rays with bugger-all monitoring. Not at all safe, or good practise these days. But that was the best they could do with the equipment they had. We can do much better these days, but only because we've got better gear than they had.

    4. Ben Hanson 1

      Re: remind you of y2k bug lol

      My first job out of University was in 1994. The geniuses there were still writing software using 2 digit years on the UI. The backend was a database using standard date fields. I was the only one to point this out to them and amazingly they agreed to fix it throughout their numerous products. After the jokes about service contracts had died down, naturally.

      1. Anonymous Coward
        Anonymous Coward

        Re: remind you of y2k bug lol

        I was working on Y2K from mid-97. Having struggled for years to get funding for the work, we were running very late. I had my first Y2K failure live in Feb 99 when our first aircraft arrived with a scheduled servicing that was going to take it over the year end (a 9 month servicing, with a modification package that was another couple of months). We knew it was going to happen ahead of time, and had contingency plans in place to deal with it, but Y2K was definitely a big issue.

        Having said that, I took advantage of the hype over aircraft falling out of the sky to get some cheap flights. New Years' Eve overseas with a flight back on 1 Jan turned out super cheap!

  6. Mr_Pitiful

    Infected Routers!

    I rather doubt that there are any infected routers

    or am I missing something?

    If there were routers affected, then wouldn't there be other isseus?

    1. pixl97

      Re: Infected Routers!

      I think this virus in particular would try to log in to your gateway address with a set of common passwords, like admin/admin. If it could login and detect how to change the dns on the router, it would.

      1. JohnG

        Re: Infected Routers!

        I guess the bit of DNSChanger that tries to change the DNS settings on a broadband router is unlikely to affect the Fortune 500 companies, although some of them may use broadband for guest Internet access.

  7. sisk

    So just a handful of computers won't be able to access the internet. Those'll be the office dummies who don't bother to look at the error messages their computers give them and whose support requests consist of 'It just quit working', with no indication of whether 'it' is the computer, a specific application, a printer, or the USB Christmas tree they bought last October at the dollar store.

    1. Suburban Inmate

      Oh noes!

      So all of a sudden I won't able to access thepir.... FUCK it's happened already!

      I'm calling the police...

    2. Anonymous Coward
      Anonymous Coward

      Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft

      In any large company, back-corner cruft accumulates.

      One day, as a tech, I was on-hand in the mainframe production area as on-site support the day we rolled out a new version of mail software. Workstations were PCs running Win2K, joined our domain; we were using MS management tools.

      As I was walking around, I saw a 486 pizza-box sitting on a table. I stopped and stared at it, wondering why I was staring. I realized that (a) there was no monitor attached, and, (b) the power light was on. I looked it over and started tracing wires. There was a patch cable connected to a network walljack. The "activity" light on the NIC was flickering. There was a parallel cable heading off to somewhere, and I found the (attached) mouse and keyboard underneath the table. I followed the twenty-five-foot-plus-likely-out-of-spec parallel cable to a huge machine that had to have been brought into the data center in sections and re-assembled there.

      I went back to the PC, found an unused CRT under the table, hooked it up, and turned it on. The 486 was running some flavor of Windows 98 and NPRINTER on an auto-login account. Inspection showed McAfee antivirus updates had been failing on the box for months.

      I found an old-time employee and asked her what the monster-sized box did that was at the far end of the parallel cable. She told me, "Oh, that's our high-speed Xerox printer."

      Me: "What do you print on it?"

      Her: "Bills and paychecks."

      1. Destroy All Monsters Silver badge
        Thumb Up

        Re: Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft

        War stories - hell yeah!

      2. Mr Grumblefish

        Re: Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft

        Bad but I've heard worse.

        Oh wait, the point of the story isn't that they were using McAfee.

        1. cosymart
          Thumb Up

          Re: Not Just Workstations, Not Just Dummies... Sometimes, it's Back-corner Cruft

          I had to chuckle as the advert that was accompanying this article on my version was from McAfee :-)

    3. DJ Smiley

      Why would they know?

      Anyone who follows the office policy of NOT going on google or wikipedia wouldn't have any other way of knowing.

      However the IT guys should have noticed and fixed it for them before it gets to the point it becomes a problem. (Providing of course they are given the time to do such things, heh ;))

  8. Frank Haney

    Oh no, another computer virus

    According to fsecure, which was one of the first hits on Google, its full name is W32/DNSChanger. I wonder what W32 signifies. :)

  9. Barry Rueger

    Name 'Em and Shame 'Em!

    I'm pretty sure that these companies would fix things a lot faster of their names were being broadcast everywhere. And as a potential customer of investor, I'd sure like to know who they are.

  10. John Savard

    The Obvious Mistake

    The replacement servers should act like the wi-fi servers in my local public library...

    redirect, initially, everything to a page that says your computer is infected, push this button to acknowledge the problem to surf normally.

    Of course, many people will think the warning page is part of a virus plot, but it is due to a virus... so they'll clean their machines anyways.

  11. Anonymous Coward
    Anonymous Coward


    Is The Reg continuing to publish this non-story??

    1. Ken Hagan Gold badge

      Re: Why?

      Perhaps because after two court orders, FBI intervention and numerous articles in the IT press, apparently there are still people earning a salary as an "IT admin" at Fortune 500 companies that haven't heard. Either that or, as suggested above, there are boxes attached to their company network that they don't know about.

      DNSChanger is not the story here.

  12. This post has been deleted by its author

  13. Robert A. Rosenberg
    IT Angle

    Why is Hostmaster not being told?

    Why is are the logs on the DNS machines not being reviewed and the connecting machines being reverse-DNS'ed so as to ID the domain owner. A warning message to the role accounts as well as the Whois listed Tech Contact Role with a heads-up would seem to be a good idea to me.

    1. Marty

      Re: Why is Hostmaster not being told?

      Why is are the logs on the DNS machines not being reviewed and the connecting machines being reverse-DNS'ed so as to ID the domain owner. A warning message to the role accounts as well as the Whois listed Tech Contact Role with a heads-up would seem to be a good idea to me.

      you mean do their job for them?

  14. Anonymous Coward
    Anonymous Coward

    Seems to me like we need a....

    Remedial TCPIP training?

This topic is closed for new posts.

Other stories you might like