Skip to: Content
Skip to: Site Navigation
Skip to: Search

DNSChanger cutoff is more whimper than bang. Score one for the good guys.

Cutting off Internet access to computers infected with the nasty DNSChanger trojan did not bring about doomsday after all. Why, beyond the obvious, that's good news in the cybersecurity world.

By Staff writer / July 9, 2012

This image provided by The DNS Changer Working Group shows the web page resulting from not having the DNSChanger malware. In what many news outlets were hyping as an 'Internet doomsday,' the US government moved to cut Internet service on Saturday to machines that were infected with the malware.

DNC Changer Working Group/AP/File


Do more than 200,000 computer users worldwide make any sound if they can't connect to the Internet? Apparently not – or not much, anyway.

Skip to next paragraph

Despite a slew of hyperbolic headlines proclaiming Sunday at midnight to be an "Internet doomsday," the clock struck 12 and …   there was no massive digital meltdown. (Although there may have been some emotional outcries that carried only as far as home-office walls.)

At least one cybersecurity executive is hailing the lack of resulting drama Monday as a “victory of shared collective intelligence.”

The non-catastrophe unfolded when, as expected, computer servers that for eight months had supplied malware-infected computers worldwide with a temporary Internet connection, were finally shut down Sunday night following a federal judge's order.

During those eight months, Google, Facebook, the FBI, Internet service providers (ISPs), and others had bombarded some 4 million computer users worldwide with e-mails and other notices warning them that their machines were infected with a nasty trojan called the DNSChanger.

Apparently that public information campaigned worked pretty well. By late last month, just 250,000 computers worldwide remained infected with DNSChanger, the creation of a cybergang bent on defrauding Internet advertisers.

Even so, as of Sunday night just before the cutoff, 210,851 computers and routers worldwide still remained infected with DNSChanger, among them 41,557 computers and routers in the US. All seemed bound to have the plug pulled on their Internet service.

But, while some users doubtless felt the axe fall –  others saw their ISPs step into the breach after the FBI cut off access. Spokesmen for AT&T and Verizon both told PCWorld magazine the companies had stepped in to keep on supplying service – the former through the end of the year, the latter through the end of July – giving infected-computer users yet another break.

Instead of returning home from work Monday to discover they cannot update Facebook or download cute puppy videos, many users of the 41,000 affected US computers will as a result still be able to connect to the Internet for a while longer – another chance to clean up their infected machines.

For cybersecurity experts and the FBI, though, the muted sound is bliss – it means that most of the problem had been cleaned up in advance without a major implosion.


Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!