It’s a scary thought, having the Internet forcibly shut off for you. But it’s just what some Fortune 500 companies and government agencies could face as the Federal Bureau of Investigation tries to get rid of an extremely malicious computer virus.
Krebs on Security reports that the malware — DNSChanger Trojan — infected more than 4 million computes in more than 100 countries thanks to the work of six men who were arrested in Estonia for the crime in Nov. 2011. Gizmodo reports that the virus causes the user to be sent to fraudulent websites by changing DNS settings and even prevents them from visiting security sites that could help rid them of the virus.
In the United States, a half a million computers were reportedly infected with a security firm finding at least one infection in half of the Fortune 500 companies and 27 government agencies. What’s to be done? Krebs on Security reports that any computer still infected by March 8, 2012, will have Internet service disconnected from it:
“Yes, there are challenges with removing this malware, but you would think people would want to get this cleaned up,” said Rod Rasmussen, president and chief technology officer at Internet Identity. “This malware was sometimes bundled with other stuff, but it also turns off antivirus software on the infected machines and blocks them from getting security updates from Microsoft.”
Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
Krebs reports the FBI saying that it is currently working on ideas to minimize impact on users in that event. Rasmussen says that cleanup, even if the deadline is extended, will still take a long time given the number of computers and says in addition to being “an interesting social experiment”, it would be a faster fix.
Gizmodo reports that once you know you’re computer has a problem, that the fix isn’t too painful or time consuming. You can check to see if you’ve been “victimized” here.
U.S. Attorney Preet Bharara said in November that this case was first of its kind because the suspects set up their own “rogue” servers to secretly reroute Internet traffic to sites where they had a cut of the advertising revenue.
“Without the computer users’ knowledge or permission, the malware digitally hijacked the infected computers to facilitate the fraud,” the indictment says.
Once their computers were infected, people seeking to visit Netflix, the IRS, ESPN, Amazon and other legitimate sites were redirected to sites where the defendants collected income for each click on an ad, authorities said. The malware and corrupted servers also allowed the defendants to substitute legitimate ads on other websites with replacement ads that earned them more illicit income, they added.
The Associated Press contributed to this report.