Thread: Malware may knock thousands off Internet on Monday

Malware may knock thousands off Internet on Monday

By Lolita C. Baldor, Associated Press
Updated 5h 49m ago

WASHINGTON (AP) — The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

But tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

Despite repeated alerts, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. Of those still infected, the FBI believes that about 64,000 are in the United States.

Users whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

But that temporary system will be shut down at 12:01 a.m. EDT Monday, July 9.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: DCWG | DNS Changer Working Group .

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

———

Online:

To check and clean computers: DCWG | DNS Changer Working Group

Comcast Warning: DNS Changer Bot FAQ. - Comcast Help and Support Forums

Google: Google Online Security Blog: Notifying users affected by the DNSChanger malware

Facebook: Notifying DNSChanger Victims | Facebook

Malware may knock thousands off Internet on Monday

Everyone ready?

PSA: Evict DNSChanger now or lose the web Monday

Chris Davies, Jul 8th 2012

Today’s malware has a deadline: get rid of DNSChanger now, or come Monday, July 9, you may find yourself without access to the internet altogether. Hundreds of thousands of computers around the world have been infected by the trojan, which changes DNS settings – among other things – so as to route web traffic through compromised servers. Now, the FBI is preparing to pull the plug on those servers – and many people’s internet connection with them.

Since the FBI and other law enforcement agencies seized control of the botnet behind DNSChanger, a temporary DNS server network has been running in its stead so as to keep infected users online. That network will cease operating on Monday.

“The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet” DNSChanger Working Group

The best news is, checking for a DNSChanger infection on your system and, if found, getting rid of it is straightforward. First step is heading to dns-ok.us in your browser: that will tell you whether or not there’s a sign that your computer has been infected. If it’s green, you’re in the clear (though it’s probably still worth forwarding this article on to friends and family – particularly net-confused parents – who might need some assistance checking their own machines).

If it’s red, however, you have a DNSChanger problem. Thankfully there are multiple options to get rid of it: Microsoft has a tool, as do key anti-virus vendors such as McAfee and Norton. There’s a full list of them here, and usually it’s just a case of downloading and running an app to get your computer back on an even keel.

PSA: Evict DNSChanger now or lose the web Monday - SlashGear

DNS Changer virus threat passes; no significant outages

By ron Acohido, USA TODAY Updated 13m ago

The threat posed by DNS Changer, the headline-grabbing Internet doomsday virus, has fizzled. But tech security analysts warn that there are even more sinister viruses around.

No significant outages were reported on Monday as the FBI removed a safety net erected last November to protect some 577,000 Windows PCs.

Without the FBI's safety net, those PCs would have been cut off from accessing the Web, as authorities moved to dismantle the rogue servers that criminals were using to control DNS Changer-infected machines.

A minute after midnight on Monday, some 277,000 PCs, including 64,000 in the U.S., remained infected and at risk as the FBI took down its safety net. That's a tiny fraction of the billions of Internet-connected computers and mobile devices.

Also, Internet service providers have been hustling to alert victims and help them stay connected, says Dan Brown, senior researcher at tech security firm Bit9. "Most of the major ISPs have been cooperating with the FBI," says Brown. "They … have a vested interested in keeping their customers from being disconnected."

In the teeming cyberunderground, DNS Changer isn't as potent as it was a year ago, when it first surfaced. That's partly because most major anti-virus products have been tuned to watch for it and clean it up, says Johannes Ullrich, chief research officer at the SANS Security Institute.

Meanwhile, Google, Facebook and Comcast have been issuing alerts directing potential victims to an FBI-approved website: DCWG | DNS Changer Working Group. It has links to services that will run a quick PC check, as well as guidelines to remove the infection.

Even after removing the infection, victims may still have to manually repair their "DNS settings." The instructions direct Windows PCs to the servers that convert a Web page's textual name to its numerical IP address. The DNS Changer virus corrupted those settings.

"The DNS settings check isn't that difficult," says security blogger Dennis Fisher, editor-in-chief of Threatpost.com. "Anyone who can navigate through the control panel should be able to do it. It's just a matter of clicking through a few dialogue boxes."

Federal authorities hope that despite the aftermath of DNS Changer, public awareness gets a boost. The main lesson: Internet threats keep multiplying, and users must carry part of the burden for staying safe.

"DNS Changer is last year's malware," Ullrich says. "Only about 0.01% of Internet users are affected by it. About 100 times more users are infected by more dangerous, current malware without knowing that they are infected."

DNS Changer virus threat passes; no significant outages