July 9. That’s the date the US FBI plans to shut down the Internet, for some users at least. In January, the FBI and Estonian authorities managed to shut down one of the largest malware infections seen to date. The major feature of this malware, called DNS Changer, is that it blocked users from conducting security scans. To circumvent this, the FBI established servers that allowed infected users to run scans to remove it from their computers.
While the source of DNSChanger has been removed, essentially killing it. There are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.
What is DNSChanger?
DNSChanger is a Trojan that hijacks a user's Internet, at the most basic level, the DNS. If a user enters a web address, DNSChanger will return a similar looking page, but with ads that are owned by hackers. Thus allowing them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.
Aside from that, it also prevents users from visiting security websites, like mcafee.com, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.
What’s a DNS?
A DNS - Domain Name System - is a cruical service that converts domain names like www.google.com into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.
What did the FBI do?
Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time, any user still connecting to the DNS servers, or who is still infected irregardless of their location, could be affected.
What should I do?
If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean, and security’s up to date.
Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google's functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.
If you think your systems or network aren’t secure enough, please contact us, we are ready to help.