PERFTECH REMOVES ISP WORKLOAD WITH AN AUTOMATED SOLUTION FOR THE DNSCHANGER PROBLEM BOTH PRIOR TO AND POST- JULY 9TH
(San Antonio, TX, July 2, 2012) – PerfTech, the leading supplier of in-browser subscriber communications for Internet Service Providers (ISPs), is supplying its ISP customers with a streamlined, dynamic solution to identify and address the DNSChanger malware problem in the time periods both before and after July 9th of this year.
The Go-Dark Problem
The implications of the DNSChanger virus, discovered in 2007, and the steps taken by the FBI to safeguard the security and operation of up to 4 million infected subscribers have been well publicized. The most pressing problem, however, is the imminent termination of the temporary, “safe” DNS servers that were set up by the Internet Systems Consortium (ISC) to permit a smooth transition during a remediation period. Those DNS servers will "go dark" on July 9th of this year, and subscribers who have not changed the rogue DNS server addresses in their equipment may go dark as well.
The ISP Workload
The ISC has been providing ISPs with batches of IP addresses of subscribers still using the temporary replacements for the rogue DNS servers. Each address, when presented to the ISP, represents some PC in some subscriber account that had that IP address on the date and time noted. For an ISP receiving up to thousands of IP addresses that are infected, the workload is not trivial: 1) look up the actual subscriber who had each IP address at the earlier time noted, 2) communicate to the subscriber that one or more of their home devices may be infected and what to do about it, and 3) keep communicating to the subscriber until the infection or at least the symptom is remedied, although the ISP has no dynamic way to determine whether the subscriber has taken action.
A Real-Time, Automated Solution
For ISPs that have deployed PerfTech's Bulletin System and Abuse Sentry application, those problems vanish. Abuse Sentry dynamically detects every subscriber accessing a temporary, safe DNS server, and identifies that subscriber not just by IP address, but by current subscriber account ID, providing the ISP with useful identifications and real-time statistics to track the scope of the infection in their network.
Real-time detection is coupled with instantaneous subscriber notification. Importantly, the notification appears in the browser of the specific machine that is infected; the customized notice includes links to more detailed information on the virus. Abuse Sentry continues to monitor and deliver an alert to any browsing device on the subscriber account that attempts to access the temporary DNS servers. Because subscribers of PerfTech ISP-customers are accustomed to receiving branded, in-browser communications from their providers, the alerts are recognized as credible and typically result in higher action rates than those attained through email notices.
The Post-July 9th Scenario
Because the July 9th deadline is fast approaching, some of PerfTech’s ISP customers plan to implement a redirect for modems requesting the safe, but soon to be dismantled, DNS servers to the ISP’s own DNS servers—a move similar to the FBI’s initial action, except only for the respective ISP’s subscribers, and hopefully for as short a period of time as possible. This action prevents any of their subscribers from going dark on July 9th, and permits PerfTech’s Abuse Sentry to continue to identify and notify those subscribers who have not yet taken remedial steps.
Jonathan Schmidt, PerfTech VP of Business Development, and an active member of the Messaging Anti-Abuse Working Group (MAAWG) for the past eight years, stated, “This solution gives our ISP customers a means to deal with the DNSChanger issue for both the immediate and short-term future; that is, both before and after July 9th. It gives ISPs an easy way to track the problem in real time, eliminate hours of manual operations, head off maybe thousands of support calls, and continue to address the DNSChanger malware problem until it is completely resolved.” The PerfTech platform is currently deployed in ISP networks serving approximately 15M subscribers worldwide, including many of North America’s top cable broadband providers.
PerfTech enables ISPs to forge a responsive and transparent relationship with their subscribers through proactive communications. The company’s patented Bulletin System allows ISPs to deliver time-critical messages directly to targeted subscribers’ browsers, whether wired, wireless, or mobile. Bulletin System is the leading solution for in-browser communications among top-tier Internet providers in the Americas. Privately held, PerfTech is headquartered in San Antonio, Texas. See http://www.perftech.com/