Heard the rumor that the FBI will shutting down the Internet on March 8? This dire warning is floating around blogs and websites. But relax, that’s not really the case, for now.
Millions of PCs have been infected by a global computer contagion known as DNSChanger and as a result were slated to have their life support yanked on March 8. But an order handed down Monday by a federal judge will delay that disconnection by 120 days to give companies, businesses and governments more time to respond to the epidemic.
Months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows.
But by early last month, it was becoming clear that actually more than 3 million PCs worldwide — including at least 500,000 in the United States — were still infected with DNSChanger. The company that released those estimates, security firm Internet Identity, reported that 50 percent of Fortune 500s and about half of all U.S. government agencies were still struggling with infections.
The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.
The change could potentially leave a great number of Internet users without access to the Web.
…the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.
The reprieve came late Monday, when the judge overseeing the U.S. government’s landmark case against an international cyber fraud network agreed that extending the deadline was necessary “to continue to provide remediation details to industry channels approved by the FBI.”
Internet users can quickly see if their PCs are infected with DNSChanger by visiting one of several “eye check” sites, including this one. DNSChanger also infected Mac OS X systems and home routers; go here if you need instructions for checking those systems for infections. A larger network owner can find out if any PCs on the local network are infected by reaching out to one of the entities in the DNSChanger Working Group.
A signed copy of the court order extending the deadline until July 9, 2012 is available here. (PDF).
Statistics sourced via: Krebsonsecurity