Virus could cause Internet service disruptions Monday
BY ANDY IHNATKO July 6, 2012 8:42PM
In this photograph taken by AP Images for LG One, Cesar Pinon of Huron Elementary School uses a computer in the new Computer Innovation Learning Center Wednesday, Feb. 10, 2010 in Huron, Calif. (Gary Kazanjian / AP Images for LG One)
Updated: August 8, 2012 6:12AM
If you suddenly lose access to the Internet on Monday, don’t panic: it doesn’t mean that your PC has recently been infected with a virus or anything.
It just means that your PC was infected with a virus a long time ago, and the FBI has been helping to keep your infected PC online all this time.
Here’s what happened: A criminal enterprise created and unleashed a piece of malware called DNSChanger. In broad strokes, it interferes with all of your online activity by invisibly redirecting your Internet service to use the crime syndicate’s own set of domain name servers.
A domain name server is the trusted address book for every computer on the Internet. You ask the Web browser on your PC to take you to Suntimes.com. Your PC’s Internet service contacts a DNS, which tells your PC the numerical address of the Sun-Times’ web server, and then your web browser connects to that physical web server and opens the page.
DNSChanger forces an infected PC to use the criminals’ fraudulent DNS. As you can imagine, a fake DNS is like a fake phone book; it can trick your PC into going damned near anywhere without your ever being aware. It appears that the main scheme of DNSChanger was to redirect ad traffic and search results to sites that earned money for the scammers via referral links. But it also pulled worse tricks, such as re-routing URLs for Netflix, iTunes, and even the IRS to unrelated sites where the syndicate could reap kickbacks from established referral networks. The malware netted the enterprise more than $14M before it was shut down in October by the FBI and international law enforcement.
It’s a PC virus, but it can also modify the settings of your broadband router to use the rogue DNS so that the browser traffic of every computer and device on your network would be affected . . . including Macs, tablets, and phones.
Because DNSChanger infected so many computers — the FBI estimates half a million infections in the U.S. and about 4 million worldwide — and infected computers can only access the Internet through the criminals’ domain name servers, law enforcement decided to temporarily replace the criminals’ rogue domain name servers with legitimate ones, to keep those millions of users (many of whom were inside government agencies such as NASA) online.
On Monday, they’re pulling the plug on the rerouting. It’s unlikely to cause any kind of a panic-in-the-streets meltdown. But it might inconvenience anyone whose machines are infected with DNSChanger or who relies on companies or services that use infected computers. Like most commercial malware, DNSChanger disables antivirus checkers and automatic OS updates . . . so it’s not unusual for people to continue to use infected machines, unaware.
Fortunately, a group was formed to identify and fix compromised machines. Visit http://www.dcwg.org/fix/, the DNS Changer Working Group’s site. Here you’ll find information on how to tell if your PC has been infected, as well as places to obtain free software to clean your system.
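As an added illustration (not from the original article or from the DCWG), the check behind "is my PC affected" comes down to comparing the DNS servers a machine is configured to use against the address ranges of the rogue servers. The sketch below assumes a Unix-style `resolv.conf` listing; the ranges shown are placeholders from reserved documentation address space, not the real DNSChanger addresses, and the sample file is constructed.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation space), not the real rogue
# server addresses: substitute the ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

def parse_nameservers(resolv_conf_text):
    """Return the resolver IPs listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # entry is not an IP address; skip it
    return servers

def find_rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any rogue range."""
    hits = []
    for ip in parse_nameservers(resolv_conf_text):
        if any(ip.version == net.version and ip in net for net in rogue_ranges):
            hits.append(str(ip))
    return hits

# Constructed sample: one resolver inside a placeholder range, one private
# router address, and one malformed entry.
SAMPLE = """\
# generated by DHCP client
nameserver 192.0.2.53
nameserver 192.168.1.1   ; home router
nameserver not-an-ip
options timeout:2
"""

if __name__ == "__main__":
    for ip in find_rogue_resolvers(SAMPLE):
        print("resolver in rogue range:", ip)
```

A clean result for a private address such as the router's only means the PC forwards its lookups to the router. Because DNSChanger can rewrite the router's settings, the DNS servers configured on the router itself need the same comparison.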