July 7, 2012

What Can We Learn from Malware Monday?

Over the past few weeks, global news outlets have been warning users about Malware Monday and the pending Internet shutdown on July 9, 2012, for computers still infected with the DNSChanger malware. While the issue is certainly real, this blogger believes many headlines were (and still are) too alarmist. Can we learn anything from this?

For example, I view much of this material as “Fear, Uncertainty and Doubt” (FUD):

NY Daily News: How to avoid Monday’s Malware Meltdown? (I like the picture of a dark room full of computers with one user PC working.)

Discovery News: Malware May Kill Your PC (Other sites linking to this story added the word “massive” up front. Nice.)

ArticleCell.com: Could Your PC be Heading to Malware Armageddon on July 9? (Armageddon, really?)

Even our own … Government Technology: Are you safe from Internet Doomsday?

I find most of these articles to be somewhat informative, attention-grabbing and overblown in spreading fear. I worry that we are using up our (very few) cybersecurity industry silver bullets on the wrong Internet “crisis.” There are plenty of very, very serious problems online right now, but I would not put Malware Monday at (or near) the top of the list.

One could even argue that this malware event is self-imposed, in that the FBI is turning off servers that it could leave running a bit longer to avoid “Monday’s Malware Meltdown.” Note: I’m writing this article on Saturday, July 7, and the courts could still order more time before the FBI turns off the servers.

Indeed, I could argue this "hold off a bit longer" point from either side, and there are polls that ask whether the FBI should allow more time. Almost 90% of those taking the survey think it is time for the FBI to pull the workaround plug – and several good articles give reasons why.

All signals point to an event Monday that will impact a few thousand people who haven’t been paying attention but not the majority of us. I will be shocked if any major U.S. companies are paralyzed or out of business on Monday morning because of DNSChanger malware problems.

How Should We Prepare?

I like the tone of National Public Radio (NPR), which led with the headline: Malware Monday Just Another Day on the Internet for Most of Us.

The article begins, “Beware of Malware Monday on the Internet, but don’t be too concerned.”

If you still want to check your PC’s status, visit: www.dcwg.org or even easier www.dns-ok.us

In Michigan government, we have been working this problem since last year, and we have been coordinating action with the FBI and MS-ISAC – like most state and local governments. We also sent out notices to our customers and agency public information officers (PIOs) about the situation and what to do in the event of a problem on Monday. We believe that we are ready.  

What Can We Learn From Malware Monday?

I'm taking a bit of a chance by writing lessons learned about an upcoming event that hasn’t even played out yet, but I believe that I can safely mention some items. I am making a few assumptions about what will likely happen, specifically that some people will lose Internet access, but most people will be fine online.

Nevertheless, here are seven enterprise takeaways from the handling of the overall DNSChanger situation:

1) DON’T be a laggard regarding known Internet fixes. Follow industry guidelines and accepted practices in resolving malware, and you won’t have to worry about these fix deadlines. (Most companies resolved this issue many months ago and are not very concerned about this Monday.)

2) Workarounds may still be around (and last) longer than you think. Ask the FBI, who wanted to turn off their “temporary fix” back in March. These types of situations come up fairly often in large enterprises, especially if we are supporting legacy systems and older technology.

3) Beware public decrees of “Internet Doomsdays.” Cut back on internal FUD, where possible. If we are not careful, these global pronouncements will, over time, sound as if we are crying wolf. Indeed, many of our customers already believe that we declare a crisis multiple times a year. They are starting to yawn.

4) DON’T overreact to headlines and claims. Do your homework. How will this affect your enterprise? Coordinate with all relevant parties to understand roles and responsibilities.

5) DO use well-researched facts to calmly deliver timely messages to customers when needed. Help them understand the ramifications at both home and work. What can they do to resolve the situation? How can they prepare? What are you doing? What’s next?

6) DO communicate in informal and formal ways. Become a trusted partner who can decipher scary headlines for users. Make lemonade out of the lemons. Use the front-page stories to get your key messages out while everyone is hearing about these topics on the front pages of USA Today and the Washington Post and on TV.

7) DO test plans, run exercises, use scenario planning and more to be ready in case the “what if” worst case does happen. Are you truly prepared for outages, disasters and more? Talk to your teams about various options and solutions.

In conclusion, I like this quote from Zig Ziglar: “Expect the best. Prepare for the worst. Capitalize on what comes.”

UPDATE: Monday, July 9, 2012 at 7 AM (EST) - So far there have been minimal reported disruptions online related to Malware Monday and DNSChanger. It is still too early for final judgments, but so far so good regarding the Internet's overall functioning. Global news organizations and newspapers continue to run scary headlines and articles this morning, such as Malware on Monday Update: Internet Service Providers brace for shutdown calls. Top searches continue to lead to this article from July 6, from the United Kingdom: Could the Internet Really Shut Down?

UPDATE: Monday, July 9, 2012 at 6 PM (EST) - As expected, reports of impacts on the Internet from Malware Monday have been minimal - even a bit less than I anticipated overall. ISPs are playing down any service disruptions that have been experienced by their customers. It is now clear that the doomsday scenarios were hype regarding DNSChanger. Yes, the threats successfully received global press attention, but these widespread headlines may cause future (real) Internet alarms to be ignored. I certainly stand behind the above "lessons learned" - with even more conviction now.

FINAL UPDATE: Tuesday, July 10, 2012 at 6 AM (EST) - Malware Monday officially ended a few hours ago, and the LA Times reported that the DNSChanger malware may have affected about 47,000 Americans who had difficulty connecting to the Internet. The news surrounding the event was mostly hype, according to many news sources. Time to move on to new topics.