WARNING: Is July 9th Your “Internet Doomsday”?
It’s July 9th, a Monday. You’ve poured your cup of morning coffee, and you’ve settled at your desk to begin your workday. As always, your first order of business is to check your email and visit the websites that make up part of your daily routine. But when you open your web browser, you get a “page not found” message. Your email inbox is strangely empty, too. Puzzled, you check again. And again. And again, a sense of panic growing in the back of your mind. Is the Internet broken?
If your computer is one of the thousands infected with DNSChanger malware, on July 9th you will find yourself utterly disconnected from the Internet, from the websites that you routinely visit, and from your email. Depending on how reliant you are on your Internet connection, this could be a disaster.
DNS is a service that’s crucial to the operation of the Internet. Put simply, DNS and DNS servers take a user-friendly text-format domain name and translate it into a numerical address that allows computers to talk to each other. DNS enables you to use the Internet, loading web pages and making it possible to send and receive email.
What is DNSChanger malware, and how did you get infected in the first place? The next two paragraphs go into a lot of detail on how it happened. If you are not interested in knowing the story, skip the next two paragraphs… just below we outline how to determine if you are infected.
What is DNSChanger malware?
A large international cybercrime ring operating under the company name “Rove Digital” distributed DNS-changing viruses variously known as TDSS, Alureon, TidServ, and TDL4. The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS servers in data centers in Estonia as well as in New York and Chicago. Those servers would give fake, malicious answers, altering user searches and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet. Even if you have antivirus software installed on your computer, this malware is powerful enough to overwhelm and disable it. Your computer may be infected and you may not realize it.
According to the DNS Changer Working Group (DCWG), on November 8 of last year, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. But taking the rogue servers out of service without providing for continued Internet service to the millions of computers affected would have caused a larger problem. Under a court order expiring July 9, the Internet Systems Consortium has been operating, and continues to operate, clean replacement DNS servers for the Rove Digital network. They have done this to give affected networks time to identify infected hosts and to avoid sudden disruption of service to victim machines. Because these temporary servers are due to be removed from service on July 9th, those who have not addressed the infection will find themselves without access to the Internet. Quite literally, it will appear as if someone has turned off the Internet.
How to fix / remove DNSChanger malware.
Fortunately, DCWG has provided users with a way to check their computers and find a fix in advance of the July 9 deadline. Visiting http://www.dcwg.org/ will allow you to check your computer for the DNSChanger malware. If your computer isn’t infected, you can breathe a sigh of relief and be reassured that on July 9th, your Internet browsing will continue as usual. If you find that your computer is infected, however, the site will provide you with a simple fix to remove the malware. Apply that fix, and you’ll be able to carry on with business as usual.
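Because DNSChanger works by altering a machine's DNS settings, a local check can compare the configured resolvers against the rogue server ranges. The Python below is an added example, not code from the DCWG or from this article: it reads resolver addresses from `resolv.conf` or `ipconfig /all` text and flags any that fall in a listed range. The ranges shown are placeholders (this article does not give the real ones, which must be taken from the DCWG's published list), and the function names and sample text are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real rogue
# DNS ranges. Replace with the published list before relying on the result.
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def extract_resolvers(text):
    """Collect resolver IPs from resolv.conf or `ipconfig /all` style text."""
    resolvers, in_dns_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop resolv.conf comments
        unix = re.match(r"nameserver\s+(\S+)$", line)
        win = re.match(r"DNS Servers[ .]*:\s*(\S+)$", line)
        if unix or win:
            candidate = (unix or win).group(1)
            in_dns_block = bool(win)
        elif in_dns_block:
            candidate = line   # ipconfig puts extra servers on bare lines
        else:
            continue
        try:
            resolvers.append(ipaddress.ip_address(candidate.split("%")[0]))
        except ValueError:
            in_dns_block = False   # not an address, so the DNS list has ended
    return resolvers

def flag_rogue(resolvers, rogue_networks=ROGUE_NETWORKS):
    """Return every resolver that falls inside a listed rogue network."""
    return [ip for ip in resolvers
            if any(ip.version == net.version and ip in net for net in rogue_networks)]

# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 203.0.113.8
"""
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.200
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for text in (SAMPLE_RESOLV_CONF, SAMPLE_IPCONFIG):
        print([str(ip) for ip in flag_rogue(extract_resolvers(text))])
```

In the `ipconfig` sample only the second listed server is flagged, which is why every configured resolver is checked and not just the first.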
With as many as 87,000 computers infected with DNSChanger malware in the United States alone, taking the time to check your own machine can make the difference between continued productivity and a computing disaster. Don’t let July 9th come without having checked your computer for malware at the DCWG site.