What is the threat about?
In 2007, a computer virus, a Trojan horse called DNSChanger, surfaced. Created by cybercriminals, it redirected Internet traffic by hijacking the Domain Name System (DNS) settings used by the web browser. As a fix, a court order put replacement servers in place to allow normal traffic flow for the infected computers. This court order expires on Monday, hence the “Internet Doomsday.”
The criminals had served more than $14 million worth of advertisements to spurious computers. The culprits were, however, caught in November 2011 by the FBI in “Operation Ghost Click.”
What is DNS?
DNS, or the Domain Name System, is a service that converts a user-friendly domain name into the numerical Internet Protocol (IP) address that computers use to connect. When we enter a domain name, such as www.google.com, the computer contacts DNS servers to determine the IP address for the website. These servers are operated by the client’s Internet service provider (ISP) and are part of the computer’s network configuration. They are a critical component of the computer’s operation: without them the user cannot send e-mail, visit websites or use any other Internet service.
So what did the criminals do?
Once the cybercriminals realized that controlling a user’s DNS servers meant controlling which sites the user connects to, they were able to connect the user to fraudulent websites or interfere with the user’s web browsing. The criminals accomplished this with the DNSChanger malware. The malware was used to change the user’s DNS settings and replace the ISP’s good DNS servers with malicious ones. These DNS servers, operated by the criminals, are called rogue DNS servers.
How does the DNSChanger affect the computer?
The DNSChanger would cause the computer to use rogue DNS servers in one of two ways.
- First, it would change the computer’s DNS server settings, replacing them with malicious servers run by the criminals.
- Second, it would try to access devices on the network that operate a Dynamic Host Configuration Protocol (DHCP) server. Using common default usernames and passwords, it would change the DNS servers of these devices as well, thereby affecting all computers on the network.
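Both paths end with a criminal-controlled address in the DNS settings, either on the computer itself or in what the DHCP device hands out, so the check is the same in both places. The Python below is an added example, not part of the original article: it compares configured DNS servers against a list of rogue ranges. The ranges are placeholder documentation networks, the sample resolver file and router values are constructed, and all function names are hypothetical; the real ranges would come from the DCWG.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Substitute the rogue DNS server ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def parse_nameservers(resolv_conf_text):
    """Extract resolver addresses from resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            servers.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue  # ignore malformed addresses rather than crash
    return servers

def audit(sources):
    """Map {label: [addresses]} to a list of (label, address, matching range)."""
    findings = []
    for label, addrs in sources.items():
        for addr in addrs:
            ip = ipaddress.ip_address(str(addr))
            for net in ROGUE_RANGES:
                if ip.version == net.version and ip in net:
                    findings.append((label, str(ip), str(net)))
    return findings

# Constructed sample input: one host's resolver file and the DNS servers
# a home router hands out over DHCP (copied by hand from its admin page).
HOST_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 203.0.113.10   # outside the placeholder ranges
nameserver not-an-ip
"""
ROUTER_DHCP_DNS = ["198.51.100.7", "198.51.100.200"]

def run_sample():
    # Check both places the malware is described as changing.
    return audit({
        "host": parse_nameservers(HOST_RESOLV_CONF),
        "router-dhcp": ROUTER_DHCP_DNS,
    })

if __name__ == "__main__":
    for label, ip, net in run_sample():
        print(f"{label}: DNS server {ip} falls in listed range {net}")
```

A clean result on the computer alone is not enough: the router's DHCP settings have to be checked too, since every device on the network inherits them.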
What is the issue now?
The cybercriminals were caught, but all of the infected computers, numbering about 570,000, still needed to use the dubious servers to connect to the Internet. Therefore, the FBI set up a safety net. It brought in a private organization, which was made to install two clean servers to take the place of the malicious servers. This way people would not lose their Internet access. However, these servers will not last forever.
When is the plug being pulled?
This temporary system will be shut down at 12:01 a.m. EDT on Monday, July 9. When this is done, the affected computers will not be able to access the Internet.
Range of this affliction
More than 277,000 computers are still infected worldwide, down from a staggering 360,000 in April. The FBI believes that about 64,000 of them are still present in the United States.
How would one know whether their computers are affected?
Most users are unaware of being infected. The malicious software most likely slowed web surfing and disabled antivirus software, which makes the computers more vulnerable to other cyber attacks. There is an easy way to check: visit the website http://dns-ok.us/ . For those who are infected, the ways of getting rid of the malware are described at the DCWG (DNSChanger Working Group).
Facebook and Google are creating their own warning message. Facebook states: “Your computer or network might be infected” and provides a link for more detailed information. Google is sending across a similar message displayed at the top of a Google search results page. There is also relevant information on the procedure to correct the problem.
Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI’s website at:
Will the Internet be gone for sure on Monday in the infected computers?
Providers are coming up with alternatives that offer information or solutions, and there will be a message stating the problem of the infection.
What happens if one comes to know of the infection on Monday?
If the computer is already infected and the user does not solve the problem by Monday, it will become difficult to remove the malware. The computer will not be able to access the Internet, and therefore anti-virus packages can only be applied from a USB drive or physical discs. Alternatively, the computer can be reformatted and its operating system reinstalled, but this would erase all saved files.