Blackout looming: Thousands to lose Internet access as FBI shuts down servers


On July 9, thousands of Internet users worldwide could lose access after the FBI shuts down temporary DNS servers that replaced fraudulent servers operated by hackers.

Major companies and US government agencies are amongst those that could be blocked out, according to the Internet security firm IID.

The blackout will affect systems infected with the DNSChanger Trojan, a malware program that altered user searches and redirected them to pages offering fraudulent and, in some cases, dangerous products.

Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites.

On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC), to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down. These users were advised to take steps to get rid of the malware on their computers, and the DNSChanger Working Group was set up by the computer industry and law enforcement to come up with a plan to phase out the surrogate servers.

The FBI was initially planning to shut down its provisional servers in March, but a US district court ruled the provisional servers were to remain in operation until July 9.

Running the temporary servers for eight months has cost the FBI $87,000.

With the deadline approaching, estimates suggest up to 360,000 unique Internet addresses are still using the rogue servers, with most of them based in the US, according to federal authorities. Other countries with over 20,000 each include Italy, Canada, India, the United Kingdom and Germany. This is down from the more than half a million addresses registered when the six hackers were arrested, but still enough to paralyze the functioning of important websites. At its peak several years ago, up to six million systems worldwide were infected with the malware.

The Domain Name System (DNS) is a network of servers that translates a web address into the numerical IP address used by computers. Computers affected by the DNSChanger worm were reprogrammed to use rogue DNS servers that redirected them to fraudulent websites.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world.

When the FBI went in to take down the hackers late last year, agents realised that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

But that temporary system will be shut down at 12:01 a.m. EDT (4:01 a.m. GMT) on Monday, July 9.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have got more involved, reaching out to computer users to warn of the problem.

If you wish to check if your computer is at risk, visit (linked above) and hopefully you will see the ‘all clear’ sign.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer’s Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place on Monday that will either correct the problem or provide information to customers when they call to say their Internet isn’t working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, “Your computer or network might be infected,” along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI:

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.


2 Responses

  1. Stan Sikorski says:

    Something seems hokey about all this. Why would the FBI care about 360,000 internet users that are obviously too stupid to make sure their gear is clean? Anyone with half a brain would realize they’ve got a problem with their PC when dragged to a site other than what they had input. It just doesn’t make sense…unless, the FBI took advantage of those infected to get a good look at their systems and information. That makes this whole thing understandable.

    When in doubt, do a deep reformat.

  2. We were warned in advance and still the sheeple walk around totally controlled


© 2012 Pakalert Press. All rights reserved.