Hundreds of thousands of internet users may lose their access to the internet this summer, and they don’t even know it.
Thankfully, there’s something simple that can be done about it, and it only takes a few clicks of a mouse to find out if you’re one of the affected users. The biggest problem is spreading the word, as most aren’t even aware that the problem exists.
Here’s the deal: last year the FBI and other authorities took down an international hacker ring that had been running an online advertising scam. The scam had taken control of a network of over half a million infected computers around the world, all unbeknownst to the owners of the infected machines.
To prevent disruption in internet service for infected users, the FBI set up a safety net of clean servers, but on July 9th that system will be shut down, and users that have not addressed the problem before then will no longer be able to get online.
In an effort to address the problem, the FBI is urging everyone to visit the website of one of its security partners, DCWG.org, to find out whether their system is infected and, if so, how to fix the problem before the July 9th cut-off date.
Since the vast majority of victims are most likely unaware their computers have been compromised, getting the information to those who may need it has proved problematic. Signs that the malicious software might be on your machine are similar to most other symptoms of malware or viruses, including slower web surfing. Also, the infection could have even disabled your antivirus software without your knowledge, making you more prone to other threats.
According to the CBS article (based on the original AP report) on the incident, this is basically what happened:
Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet’s domain name system.
The DNS system is a network of servers that translates a web address – such as AP.org – into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website. The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.
The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.
Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.
To detect if your computer has been violated and infected with DNS Changer, visit: http://www.dcwg.org/detect/
(There is no software to download to check your machine, and if you are affected, the site provides information on how to resolve the problem free of charge.)
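Since the infection works by pointing a computer at rogue DNS servers, the same question can also be asked of a machine's own network settings. The following is an added example, not code from the FBI, DCWG or the quoted article: it pulls the DNS servers out of `ipconfig /all` or resolv.conf text and flags any that fall inside a list of rogue ranges. The ranges, sample outputs and function names are constructed placeholders, because the article does not list the real rogue addresses.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not the real rogue
# DNSChanger ranges: the article does not list them. Substitute the ranges
# published by the FBI/DCWG before relying on the result.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]
IPV4 = r"((?:\d{1,3}\.){3}\d{1,3})"

def extract_resolvers(config_text):
    """Return DNS server IPs found in resolv.conf text or `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in config_text.splitlines():
        unix = re.match(r"\s*nameserver\s+" + IPV4 + r"\s*$", line)
        win = re.match(r"\s*DNS Servers[ .]*:\s*" + IPV4 + r"\s*$", line)
        cont = re.match(r"\s+" + IPV4 + r"\s*$", line)
        if unix or win:
            servers.append((unix or win).group(1))
            in_dns_block = bool(win)  # ipconfig lists extra servers on following lines
        elif in_dns_block and cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False
    return servers

def rogue_resolvers(config_text):
    """Return the configured resolvers that sit inside a listed rogue range."""
    hits = []
    for server in extract_resolvers(config_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # malformed address such as 999.1.1.1: ignore it
        if any(addr in net for net in ROGUE_RANGES):
            hits.append(server)
    return hits

# Constructed sample inputs, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "nameserver 10.0.0.1\nnameserver 203.0.113.7\n"

if __name__ == "__main__":
    print(rogue_resolvers(SAMPLE_IPCONFIG), rogue_resolvers(SAMPLE_RESOLV))
```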
For additional information regarding the DNS changer malware, please visit the FBI’s website at: http://www.fbi.gov/news/stories/2011/november/malware_110911
I’ve already checked my machine, and was relieved to find that my computer is clean, but this is too widespread an issue to ignore. Please pass the information on to all your friends and family, and of course, make sure you check your own machines as well, or come July 9th you may see a “page not found” error message in your browser whenever you try to connect.