FBI Shuts Down DNS Servers in 'Internet Doomsday'
Created: 2012-07-10 11:51 EST
[Video: DNSChanger Infections (ShadowserverOps/YouTube)]
Some 350,000 people may have lost internet access yesterday (July 9), after the FBI shut down servers it had seized last year.
Many computer analysts expected that computers still infected with the DNSChanger malware would lose internet service once their browsers tried to reach the now-offline DNS servers.
However, early reports suggest that there has been little disruption in internet service worldwide.
On November 8, the FBI and Estonian authorities seized data centers in Chicago, New York, and Estonia as part of a cyber-fraud case. Six Estonian nationals were charged and arrested. One Russian national, also charged in the case, remains at large.
The cyber criminals allegedly used the DNSChanger trojan virus to infect millions of computers, affecting both Macs and PCs. At least 500,000 of those were in the US, including those of government agencies and corporate businesses, according to the FBI.
To reach a website, a computer must translate the domain name typed into the browser into a numerical value, i.e. an IP address. To find that address, the computer queries the DNS server specified in its network settings. If that server does not know the address, it contacts other DNS servers to resolve it.
The malicious code changed the DNS settings of infected computers so that their lookups went to the criminals' own DNS servers, which could then send users to fraudulent websites.
For example, legitimate advertisements displayed on websites were replaced with advertisements that would pay the cybercriminals. Some retail websites would be redirected to unofficial, illegitimate vendors.
The web traffic garnered by the virus netted the Estonian group $14 million.
The virus also prevented users from visiting some cybersecurity websites that could have fixed the problem.
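The check that the DCWG site offered boiled down to this: look at which resolvers a machine is configured to use and compare them against the address ranges of the rogue servers. The script below, added here as an illustration and not taken from the article, the FBI or the DCWG, parses resolv.conf-style text and flags any nameserver that falls inside a list of known-bad ranges. The ranges in `ROGUE_RESOLVER_RANGES` and the sample configuration are constructed placeholders drawn from the RFC 5737 documentation blocks, not the real DNSChanger addresses, which the article does not list.

```python
import ipaddress
import re

# Placeholder ranges standing in for the rogue-resolver list a defender would
# load from a trusted source; these are RFC 5737 documentation networks, not
# the real DNSChanger infrastructure.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # placeholder (TEST-NET-3)
    ipaddress.ip_network("198.51.100.0/24"),  # placeholder (TEST-NET-2)
]

# Matches "nameserver <address>" lines as found in /etc/resolv.conf.
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text.

    Malformed entries are skipped rather than raising, so one bad line
    does not stop the rest of the file from being checked.
    """
    servers = []
    for raw in NAMESERVER_RE.findall(resolv_conf_text):
        try:
            servers.append(ipaddress.ip_address(raw))
        except ValueError:
            continue
    return servers


def flag_rogue_resolvers(servers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return the subset of resolver addresses that sit inside a rogue range.

    ipaddress handles the version mismatch for us: an IPv6 address is never
    reported as contained in an IPv4 network.
    """
    return [s for s in servers if any(s in net for net in rogue_ranges)]


# Constructed sample: the first entry mimics a resolver setting rewritten by
# the malware, the others are a clean placeholder and a public IPv6 resolver.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 203.0.113.7
nameserver 192.0.2.1
nameserver 2001:4860:4860::8888
nameserver not-an-ip
search example.com
"""


def check_sample(text=SAMPLE_RESOLV_CONF):
    """Run the check over a resolv.conf body and return flagged addresses as strings."""
    servers = parse_nameservers(text)
    return [str(s) for s in flag_rogue_resolvers(servers)]


if __name__ == "__main__":
    flagged = check_sample()
    if flagged:
        print("resolver(s) in a known-rogue range:", ", ".join(flagged))
    else:
        print("no configured resolver falls in a known-rogue range")
```

On a real host you would read `/etc/resolv.conf` (or the equivalent adapter settings on Windows and macOS) instead of the embedded sample, and load the range list from the DCWG or another trusted publisher rather than the placeholders above. The same containment test works for any published list of bad resolver ranges, not only the DNSChanger one.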
The FBI received a court order allowing it to set up temporary replacement servers so that users of infected computers - an estimated four million - had time to clean their systems of the malware. The agency worked with government officials in many countries to promote the removal of the malware. However, the agency shut down the servers today, though hundreds of thousands of computers are thought to still be infected.
The largest number of infected computers is in the United States, followed by European nations and India, according to the DNS Changer Working Group.
You can visit http://www.dcwg.org for instructions to see if your computer is infected or for removal of the malware.