FBI Steps Up "Internet Doomsday" Awareness Malware Campaign

FBI says infected users must deal with DNS changer malware or risk losing Internet in July.

By Jared Newman
Mon, April 23, 2012

PC World — PC users infected with a strain of malware called DNS Changer will face their own personal Internet doomsday in July unless they disinfect their computers, the FBI warns.

Users have until July 9 to rid themselves of the DNS Changer malware, which can infect Windows PCs and Macs alike. After that, the FBI will throw a switch that prevents infected computers from accessing the Internet.

It's not as Big Brother as it sounds. DNS Changer is a Trojan that surfaced in 2007 and infected millions of machines. The malware would redirect computers to hacker-created Websites, where cyber-criminals sold at least $14 million in advertisements. DNS Changer also prevented computers from updating or using anti-virus software, leaving them vulnerable to even more malicious software.

Last November, in one of the biggest cybersecurity takedowns ever, the FBI arrested six Estonian nationals who allegedly ran the clickjacking fraud, and seized the rogue DNS servers where infected users were being redirected. The FBI has put up surrogate servers in place of the malicious ones, but only temporarily.

Now, the FBI wants to shut down those servers. Doing so would prevent infected PCs from reaching the Web, because they'll be trying to redirect through servers that no longer exist. Although the Feds aren't shutting down the Internet, they will be severing the link on which infected users have relied.

The FBI originally planned to shut down the malicious servers in March, but last month a federal judge ordered an extension to July to give users, businesses and governments more time to deal with DNS Changer. As of February, half of all Fortune 500 companies owned computers infected with DNS Changer, according to security firm Tacoma. The DNS Changer Working Group estimates that more than 350,000 devices are still infected.

If users don't rid themselves of DNS Changer before the July 9 server shutdown, they'll have to load anti-virus software on their computers by disc or USB drive. That could be a major headache for users who don't have access to a second PC for downloading anti-virus software.

To find out if you're infected, visit the DNS Changer Check-Up site, which checks the DNS resolution of your PC without installing any additional software. For infected users, the DNS Changer Working Group has a list of anti-virus software that can fix the problem, and Avira offers a repair tool specifically for DNS Changer.


Originally published on www.pcworld.com.