‘DNS Changer’ Fallout
The situation surrounding DNS Changer highlights some interesting issues. Unless end users remove the DNS Changer malware from their machines, those machines will always try to connect to the DNS server addresses encoded in the malware. Today they connect to “clean” DNS servers that replaced the hackers’ DNS servers as a result of a court order. But those servers are unlikely to remain in place, which means that at some point infected machines will lose their Internet connectivity.
To prevent this from happening, ISPs quickly initiated outreach programs to inform users infected with DNS Changer malware that they needed to remove it or their Internet service would cease to work properly. The interesting thing is that even when faced with disruption of their Internet service, many end users were unwilling, or unable, to help themselves.
This has substantial implications for ISPs. For instance, there are obvious costs for support calls, and in some cases there could be a flood of calls, because when the clean DNS servers are unplugged end users will feel the impact immediately – potentially within seconds. Calls related to DNS Changer could be especially costly: removing it is non-trivial, so it might be necessary to provide extra assistance to more subscribers than usual to ensure it’s done properly.
Equally important is brand damage – some percentage of subscribers will unfairly blame their service provider for the problem DNS Changer causes no matter what (and in spite of numerous notifications they may have received!). These significant lingering impacts of DNS Changer, and of future malware that will inevitably replicate it, underscore the need for new solutions.
So what else can be done if end users can’t always be depended on to respond quickly (or at all) when an infection needs to be removed from their machines? In medicine, diseases can be treated with antibiotics and drugs, but many diseases can also be prevented altogether with vaccines or other methods. In networks, a similar approach can be employed. Network operators can supplement existing processes for identifying and treating malware with additional protections that help prevent infections in the first place.
Increased emphasis on preventative medicine to deter malware, like annual flu shots, will yield disproportionate returns – especially as malware evolves and creates more problems that are visible to end users. Deployed as part of a broader platform strategy, additional subscriber and network protections can also support broader goals to reduce operational costs and promote subscriber loyalty.