Fri July 6, 2012
'Malware Monday' Just Another Day On the Internet For Most of Us
Originally published on Fri July 6, 2012 1:32 pm
Beware of "Malware Monday." But don't be too concerned.
If you're unlucky enough to own a PC that's been infected by the DNSChanger malware (and still hasn't been disinfected), you could be out of luck when you try to connect to your ISP on Monday. Estimates vary about the number of computers infected. In the U.S., we're seeing anything from about 45,000 to 64,000, and somewhere in the neighborhood of a quarter-million worldwide.
According to Wired, DNSChanger redirects browsers of infected users and ...
the malware also prevents infected machines from downloading operating system and antivirus security updates that could detect the malware and stop it from operating. When an infected user's machine tries to access a software update page, a pop-up message says the site is currently unavailable.
Authorities have known about DNSChanger for some time and have taken steps to keep it in check. It all began when hackers ran an online advertising scam to get access to more than 570,000 computers around the world. The Associated Press explains:
When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.
In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.
The two Internet servers set up to temporary tackle the problem will be shut down as of 12:01 a.m. EDT Monday, July 9.
As Time magazine notes:
... when the two servers do go dark, computers still infected with the malware — currently dependent on those FBI servers to access the Internet — will lose their ability to translate web addresses into IP addresses. For these people — a number some are still calling as high as half a million, but which experts place at less than 250,000 worldwide (and well below 70,000 in the U.S.) — that means any network requests made using web addresses won't work.
But really, don't panic. The number of PCs still infected with DNSChanger is exceedingly small, and many Internet providers have already prepared themselves and their customers to keep the data stream moving along smoothly, according to Tom Grasso, an FBI supervisory special agent.
The FBI has set up a website designed to alert you if your computer is infected with DNSChanger, http://www.dcwg.org, but you're on your own for an anti-virus to clean it up.