suntimes
CALM 
Weather Updates

Malware deadline passes, very few knocked offline

Webroot's SecureAnywhere Complete 2012 software for computer security display Best Buy MountaView Calif. Friday July 6 2012. Despite repeated alerts

Webroot's SecureAnywhere Complete 2012 software for computer security on display at Best Buy in Mountain View, Calif., Friday, July 6, 2012. Despite repeated alerts, tens of thousands of Americans may lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago. The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website. (AP Photo/Paul Sakuma)

storyidforme: 33322315
tmspicid: 12158437
fileheaderid: 5552652
Article Extras
Story Image

Updated: August 11, 2012 6:11AM



The “Internet blackout” anticipated for Monday ended up looking more like a flicker.

Contrary to concerns that tens of thousands of people could lose internet service, relatively few people lost their service when interim servers were shut down shortly after midnight, according to Internet providers.

The FBI warned in March that these servers, which maintained Internet for users whose computers were infected with a hacker-planted virus, would be disabled Monday, giving people time to remove the malware.

In November, the FBI seized a European group of hackers who started infecting millions of computers worldwide in 2007 with malware called DNSChanger, which redirected users to the criminals’ own domain servers. The virus sent people to fake websites and left them vulnerable to a host of software issues.

The agency estimated more than 4 million computers in at least 100 countries were infected, with about 500,000 in the U.S. Since then, the number has sharply declined.

As of Sunday night, there were only 210,859 unique IP addresses affected worldwide. About 41,557 in the U.S were affected, down from 45,619 on July 4 and 69,517 on June 13, according to DNS Changer Working Group, which monitored the servers.

Jack Segal, a spokesman for Comcast, said the company anticipated few customers would be affected and the number of calls from customers about the outage on Monday was “miniscule,” possibly due to informational campaigns.

“For months, we have been emailing, mailing letters, sending in-browser notifications and calling customers on the phone who we thought might be impacted,” Segal said.

Both Comcast and AT&T directed customers to websites that gave information on how to disable the virus.

Jim Kimberly, a spokesman for AT&T, said the company had notified users of the issue in advance via an email and direct mail campaign, and only a small number of customers have been affected.

The FBI obtained a court order allowing the agency to use services of California-based Internet Systems Consortium, which operated “clean” servers for infected computers and kept Internet running. This is the first time the agency has done something like this, FBI spokeswoman Jenny Shearer said.

She said on Monday the FBI was “not aware of significant issues associated with removing the clean servers.”



© 2014 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit www.suntimesreprints.com. To order a reprint of this article, click here.