Amended July 9th, 2012.
Today is the day. If you haven’t taken the FBI’s troubleshooting steps by the end of the day, you may find yourself without internet access by tomorrow morning.
Amended March 8th, 2012.
With hundreds of thousands of systems still infected with the DNS-changing malware, the FBI has decided to prolong the shutdown until July 9, 2012. The agency is urging people to navigate to its page to see if their computer’s IP address is affected. To find out what your IP address is, simply type “my IP” into Google, which will give you the address to copy and paste into the FBI’s DNS checker.
Don’t get complacent. The new 4-month window of amnesty shouldn’t keep you from checking your computer for the virus immediately — and taking the necessary steps to clean your machines while there’s still time.
A rumor about the FBI possibly “turning off” the Internet on March 8th has gone viral. While we’re in no danger of a national online blackout, the truth is, web access for upwards of half a million users in the U.S. alone may be at risk on 3/8. Here’s what you need to know to protect yourself.
In 2007, a group of Estonian nationals created and launched a Trojan called the DNSChanger, which spread to over 4 million computers (approximately 500,000 in the U.S.). The hackers intended to make a tidy profit by redirecting users to sites that paid per visitor. They also facilitated the creation of counterfeit versions of real websites that gathered personal information, which could be packaged and sold to other cyber thieves.
The Trojan loaded itself through infected sites and social engineering, for example by fooling users into thinking they were downloading free software. Once loaded, the Trojan changed the DNS settings on the host computer. So when a user typed in a web URL, the infected computer took its navigation instructions from the hackers’ DNS servers rather than from the user’s service provider. Aside from controlling where the user ended up on the web, the hack also prevented the computer from installing security updates or otherwise protecting itself against various online threats, leaving the user’s system dangerously exposed.
The hackers were apprehended by the FBI late last year, but the infected computers are continuing to look to the hacked servers for instructions. The FBI could have simply shut down the bogus DNS servers, which would have cut off the infected computers from the web. But instead, the agency got a court order, which allowed it to replace the rogue servers with legitimate stand-ins for 120 days. Those 120 days were supposed to be more than enough time for all infected users to clean their computers.
With the shut-off date quickly approaching, many procrastinators have only just begun seriously looking for answers.
If you want to know if your computer is infected — and more importantly, what to do about it — the FBI has posted a short guide online. Following the instructions only takes a few minutes, but if you need even faster answers, here’s a website that will tell you if you’re infected: http://dns-ok.us/. (You can also get more information at dcwg.org.)
If the site loads green, then you’re safe and have nothing to worry about. However, if the image comes up red, then you’re most likely infected and should clean your computer before March 8th.
Since it’s a complex procedure, the FBI recommends that you enlist the aid of a computer professional to do the cleaning. However, there are many tutorials online that can help you. We found good advice at DetectMalware and eHow. You can search “DNSChanger removal” for more options.
If you’re unlucky enough to be among those infected, there are a number of sensible ways to ensure you’ll be able to get online after the FBI’s threatened blackout date. But doing nothing is definitely not your best option. We urge you to check your computer today — the Internet access you save could be your own.