Will your Internet be cut off by DNS Changer Monday? How to find out.
Computers still infected by the DNS Changer malware, which was used in an Eastern European advertising scam, won't be able to access the Internet Monday, when the FBI is expected to shut down the servers that ran the operation. But there's a fix.
Tens of thousands of personal computer users across the US – among more than a quarter-million worldwide – could be caught by surprise Monday when their web browser shows only a blank screen, cut off from the Internet by a federal judge's court order.
The reason behind the cutoff scheduled for 12:01 a.m., Eastern Daylight Time Monday, is a complex tale – a story of Eastern European cybercriminals whose carefully crafted crimeware burrowed into some 4 million personal computers around the globe.
Now, the FBI, which engineered the takedown and is now in charge of the cybergang's US-based network of rogue computer servers, is set to shut them down, even though many victims have not yet cleansed their computers of the malware that hijacks their browsers and sends them to the fraudulent servers.
The FBI managed to get a reprieve in March, arguing that only a fraction of the machines had been fixed. Another reprieve could be granted Monday. If not, estimates suggest that 270,000 to 500,000 machines worldwide – perhaps a quarter of those in the US – had not been cleaned up as of late last month. Some 12 percent of all Fortune 500 companies and 4 percent of “major” US federal agencies still have infected computers, according to Internet Identity, a cybersecurity firm in Tacoma, Wash.
"This is an important moment in Internet enforcement," says Alan Paller, director of research for the Sans Institute, a cybersecurity education organization based in Bethesda, Md. "For the first time I can remember government is involved and is telling citizens to protect themselves."
Identifying whether your machine is infected with the DNS Changer malware isn't difficult. Users should click on the DNS Changer Working Group site, then follow instructions. There are also software tools to clean up the problem. But the cleanup isn't a piece of cake, experts say.
One of the things the DNS Changer Trojan did, besides forcing computers to find the wrong websites on the Internet, was to turn off their antivirus updates – and to download to those machines a raft of other malware.
"Unfortunately, most of those that still have infected machines are going to find out the hard way on Monday – they'll be cut off – and have to take their machines to a local computer store to get it cleaned up," says Rod Rasmussen, president of Internet Identity. "The biggest danger for most people isn't going to be the DNS Changer itself, but all the other things that got installed."