The Internet itself will not die on July 9. It could, however, go dark for thousands of computers infected with a particular piece of malicious software, if they aren’t repaired first.
Thousands of computers worldwide, both PCs and Macs, are known to be infected with DNSChanger, a type of malicious software (malware) known as a Trojan. These computers have had their DNS (Domain Name System) settings changed, resulting in victims being redirected to servers run by criminals, which hosted fake websites. These websites, often looking like legitimate commerce sites, persuaded victims to buy bogus products like phony pharmaceuticals, rogue antivirus packages and worthless PC cleaner programs.
Your computer uses DNS to find websites. Website addresses are actually strings of numbers called IP addresses, not words. When you enter the name of a website into your browser, your computer connects to a DNS server, which is a computer dedicated to one purpose: translating website names into numbers, and connecting you to the desired website. Instead of typing 75.125.227.115, you simply type google.com, the DNS server does the number-translation chore and off you go.
At its peak, DNSChanger had infected 4 million computers. What makes this story unique is that the bad guys running the DNSChanger botnet were actually caught, but not before scamming victims out of $14 million. Fortunately, the crime spree was ended by the FBI, in cooperation with law enforcement agencies in other countries. The crooks who wrote the DNSChanger Trojan, and who operated the botnet, were in Estonia, while the DNS servers they controlled were located in the United States.
What’s weird about this situation is that the FBI still runs the bad guys’ old DNS servers. That’s right, the servers that the bad guys were using to rip off their victims were taken over by the FBI and are still in use today. The DNSChanger botnet is being controlled by the FBI.
There’s a good reason for the weirdness, though. After busting the bad guys, the FBI and their law enforcement pals realized that if they turned off the DNS servers for good, 4 million computers would be totally disconnected from the Internet. It took a court order to do it, but the FBI got permission to run the servers themselves for a limited time, albeit without the bogus websites. This gave the 4 million computer owners the chance to get rid of the DNSChanger Trojan and get back to the “normal” Internet.
The benevolence doesn’t last forever, though. The court order expires July 9, which means that the bad guys’ old DNS servers will finally be turned off. For those computers that have not been cleaned up, the Internet will truly die, because the FBI will no longer be spoon-feeding them website addresses. They will have no Internet access until they are fixed.
Estimates are at least 84,000 computers in the U.S. are still infected by DNSChanger, and a few hundred thousand around the rest of the world. Is your computer infected? Do you know? There’s an easy way to find out.
Go to www.dcwg.org, and click the “Detect” button. The test only takes a few seconds, and could be the difference between a happy Internet experience, or, on July 9, no Internet at all.