"It was frequently bundled with other nasty software, and consequently machines sickened with DNSChanger also probably host other malware infestations," Krebs writes. "Additionally, DNSChanger disables antivirus protection on host machines, further exposing them to online threats."
Vixie agreed. "It's been long enough to help every user who is capable of being helped. At this point whoever is remaining will need to lose service to get fixed," he said. But he added: "We could have used brownouts to get the point across more gently than the coming blackout. But this kind of 'tough love' is hard to get consensus on within an industry group like DCWG."
Chester Wisniewski said he thinks the warnings to victims could have been more visible. "Rather than operate the DNS in perpetuity they should have immediately cut over to a warning page. If a site is taken down for copyright violations, you get a splash page from Immigration and Customs Enforcement or Department of Homeland Security, etc.," he said. "Users should be directed to a warning page telling them that they are infected and direct them toward resources that can help clean them up."
For those who have ignored their infection and lose Internet on Monday, Vixie said they should "call their technical support path."
The move is necessary, he said, because while the DNSChanger threat was essentially neutralized last November, "the victims are 'the botnet.'"
"I think of them as part of DNSChanger," Vixie said.