Friday, April 27, 2012

Is the FBI taking down the Internet?

Last year, the FBI nabbed the hacker group responsible and replaced the malicious servers with clean servers. This was a temporary solution to give people with infected computers time to remove the virus.

Unfortunately, many people still haven't taken action. When the FBI shuts down the temporary servers on July 9, those people could lose Internet access.

Tens of thousands of computers are infected with a virus called DNSChanger, which redirects their Internet traffic to malicious domain name servers.

Why is that a problem? Well, DNS, or the Domain Name System, is a critical part of how the Internet works. A DNS server turns domain names into the IP addresses that computers use to contact websites.

In other words, a DNS server is like your cellphone's address book. The address book has the names and phone numbers of all your friends and family. You just pick the name you want and the phone dials the number.

Normally, your computer connects to your Internet service provider's DNS servers. DNSChanger, however, modifies your computer's DNS settings to use hacker-run DNS servers.

The hacker-run servers send you to malicious websites filled with viruses and spam, or replace legitimate site ads with malicious ads. Imagine someone got into your phone's address book and changed all the numbers to 900 numbers. The names in the address book are the same, but the phone numbers are all wrong. Yikes!

Back in November, after a two-year investigation, the FBI arrested a major group of hackers involved in this DNSChanger scheme and confiscated its servers. The FBI replaced the malicious DNS servers with temporary, clean DNS servers.

The idea was that this would keep infected computers safe while the users removed DNSChanger. Unfortunately, few people bothered to clean their computers.

It's estimated that 50 percent of Fortune 500 companies and government agencies still have computers with DNSChanger installed. That doesn't count all the personal computers that still have it, which are estimated at 500,000. That actually isn't that many by malware standards, but it's still significant.

Currently, the FBI is scheduled to shut down the temporary DNS servers on Mar. 8. That's when the FBI's court order for the operation expires. There is a chance, however, that it might receive an extension.

When those DNS servers shut down, all the computers and websites still using them will be knocked off the Internet. That might include your computer or sites that you visit.

What can you do? Well, you can make sure your computer doesn't have DNSChanger installed.

Pay a visit to   This site will indicate if your computer is looking up websites correctly. If it shows green, then you shouldn't have anything to worry about.

Here's the bad news: DNSChanger might prevent you from visiting security software websites. It will also complicate things if your Internet connection is down.

If that happens, download the security programs on another computer and then transfer them via flash drive. In extreme cases, you might need a last-ditch solution like Microsoft Security Sweeper.

Once the virus is gone, your computer should revert to the original DNS settings. If it doesn't, you'll need to contact your ISP to learn what DNS settings you should be using.
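Since DNSChanger works by rewriting your computer's DNS settings, you can also check those settings directly. The script below is an added example, not part of the original article: it reads the "DNS Servers" entries out of Windows `ipconfig /all` output and flags any that fall inside a list of rogue ranges. The ranges are placeholders taken from documentation address space, the sample output is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT real DNSChanger
# resolver ranges: substitute the list published for the takedown.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample of Windows `ipconfig /all` output.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.17
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)")


def _parse_ip(text):
    # Return an address object, or None when text is not an IP address.
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def extract_dns_servers(ipconfig_text):
    """Collect resolvers listed under 'DNS Servers', including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        ip = _parse_ip(m.group(1)) if m else (_parse_ip(line) if in_dns else None)
        in_dns = ip is not None
        if ip is not None and ip not in servers:
            servers.append(ip)
    return servers


def rogue_resolvers(servers, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any listed range."""
    return [ip for ip in servers if any(ip.version == n.version and ip in n for n in ranges)]


if __name__ == "__main__":
    for ip in rogue_resolvers(extract_dns_servers(SAMPLE)):
        print(f"WARNING: resolver {ip} is in a listed rogue range")
```

A home router can be given altered DNS settings too, so a clean result on one computer does not clear the rest of the network.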
