DNSChanger Malware Could Take You Off The Internet
The reason for this dates back to when six Eastern European cybercriminals created crimeware that infected approximately 4 million personal computers around the globe.
Discovered in 2005, the crimeware, called DNSChanger, allowed the criminals to manipulate users’ web activity by controlling their Domain Name System (DNS), which is what allows users to browse websites or send e-mail.
If the user of a computer infected with DNSChanger tried to access an online site, like iTunes, they would be misdirected. According to the U.S. Government:
“When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software.”
The cybercriminals were able to make money off of their schemes and also took business away from legitimate website operators and advertisers.
While the cybercriminals behind the operation were taken into custody in 2011, the story didn’t end there.
The FBI, which was central to stopping the operation, took control of the US-based network of rogue DNS servers and then, in what the AP reported was a “highly unusual move,” set up a safety net.
“The bureau brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet,” the AP reported.
Because only a fraction of the machines infected with the crimeware had been fixed by March, the FBI got a reprieve then to extend the safety net, the Christian Science Monitor reported.
However, that extension has now expired and has not been renewed. Another reprieve could be granted Monday, but if it is not, many machines are still affected. According to the Christian Science Monitor, “it is suggested that 270,000 to 500,000 machines worldwide – perhaps a quarter of those in the US – had not been cleaned up as of late last month.”
Of those, the Christian Science Monitor reported, “12 percent of all Fortune 500 companies and 4 percent of ‘major’ US federal agencies still have infected computers.”
There are several reasons that these computers may still be infected, PC Magazine reported.
For one, despite the fact that the crimeware caused slower web surfing and also disabled antivirus software, many victims didn’t know their computer was infected.
Also, PC Magazine reported:
“It's possible that some of the users are aware of the infection but have had no luck with the cleanup process. Perhaps they manually checked their computer's DNS settings and didn't see any malicious IP addresses, or they ran security scanning software and came up empty.”
In addition, Newser reported that some people, worried about conspiracy theories, have ignored the warnings.
“Some people simply don't trust the government, and believe that federal authorities are only trying to spy on them or take over the Internet. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens' computers. That's a charge the FBI and other cybersecurity experts familiar with the malware quickly denounce as ridiculous.”
For those who have not yet checked their computers, there is still time. They can go to the FBI-run DNS-OK.US to see if their computer is infected.
If, however, despite precautions, your browser does shut down tomorrow, the AP reported that many Internet providers have plans to try to help their customers.
"Some may put technical solutions in place that will correct the server problem. If they do, the Internet will work, but the malware will remain on victims' computers and could pose future problems," the AP reported.
Reach Executive Producer Jackie Mansky here.