Is Monday Internet Doomsday? Thousands Prepare for Malware

Thanks to international hackers, hundreds of thousands may be without Internet on Monday.

Thousands of people around the country whose computers were infected with malicious software more than a year ago faced the possibility of not being able to get online after midnight EDT.

At 12:01 a.m. EDT, the FBI planned to shut down the Internet servers set up as a temporary safety net to keep infected computers online for the past eight months. The court order the agency obtained to keep the servers running expired, and it was not renewed.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

 In a highly unusual move, the FBI set up the safety net. The bureau brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

The FBI arranged for a private company to run a website -- http://www.dcwg.org -- as a place where computer users could go to see if their computer was infected and find links to other computer security business sites where they could find fixes for the problem.

From the onset, most victims didn't even know their computers were infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Many computer users don't understand the complex machines they use every day to send email, shop, and cruise for information. The cyberworld of viruses, malware, bank fraud and Internet scams is often distant and confusing, and warning messages may go unseen or unheeded.

Also, some people simply don't trust the government, and believe that federal authorities are only trying to spy on them or take over the Internet. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens' computers. That's a charge the FBI and other cybersecurity experts familiar with the malware quickly denounce as ridiculous.

Still, the Internet is flooded with conspiracy theories:

"I think the FBI just wants everyone to go to that website to check our computers so they can check our computers as well. Just a way to steal data for their own research," one computer user said in a posting on the Internet.

Another observed: "Yet another ploy to get everyone freaked out ... remember Y2K."

There also is an underlying sense that this will be much ado about nothing, such as the approach of 2000. The transition to that year presented technical problems and fears that some computers would stop working because they were not set up for the date change. In the end there were very few problems.

Considering there are millions of Internet users across the country, several thousand isn't a big deal, unless you're one of them.

Rep. Jim Langevin, D-R.I., and co-founder of Congress' cybersecurity caucus, said computer users have a responsibility to practice good sense and make sure their computers are not infected or being hijacked by criminals.

"These types of issues are only going to increase as our society relies more and more on the Internet, so it is a reminder that everyone can do their part," he said.

FBI officials have been tracking the number of computers they believe still may be infected by the malware. As of Wednesday, there were about 45,600 in the U.S. -- nearly 20,000 less than a week ago. Worldwide, the total is roughly 250,000 infected. The numbers have declined steadily, and recent efforts by Internet service providers may limit the problems on Monday.

Tom Grasso, an FBI supervisory special agent, said many Internet providers have plans to try to help their customers. Some may put technical solutions in place that will correct the server problem. It they do, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

Other Internet providers are simply braced for the calls to their help lines.

Source: latino.foxnews.com

DNSChanger may take 300,000 offline

DNSChanger malware, which began spreading in 2007, could prevent up to 300,000 computers worldwide from connecting to the internet

As many as 300,000 people could see their computers go offline on Monday, as the effects of an FBI battle with a gang of Estonian cyberthieves over a piece of malware called "DNSChanger" reaches its climax.

People whose PCs won't connect to the net from Monday may have to call ISPs to figure out a fix, which will involve changing settings in their computer used to look up websites.

Those affected, who will already have ignored multiple warnings from services such as Google, may find that task challenging; more skilledinternet users will already have heard about the problem.

The affected computers, whose numbers have fallen dramatically from around 4m among 100 countries during the malware's peak activity between 2007 and 2011, will be cut off because the lookup system they use to find sites online, called the DNS servers, will try to connect to computers formerly owned by the gang which are being shut down. That means that attempts to connect to any site will fail.

DNS (domain name system) servers provide a core function of the internet. They translates an address such as "guardian.co.uk" to a numerical one such as "77.91.248.30" – so that typinghttp://guardian.co.uk into a web browser has the same effect as typinghttp://77.91.248.30.

The "DNSChanger" malware began spreading in 2007 and affected computers by changing the settings on PCs so that they would use the Estonian hacker ring's DNS servers to look up addresses, rather than those of the user's ISP or other services.

Affected computers would be pointed to advertising sites rather than the ones requested, earning the hackers an estimated $14m (£8.7m).

But the FBI cracked down on the scam, finally getting control of the hackers' DNS servers in November 2011. Six people were charged in November 2011 after being arrested in Estonia, and a seventh was sought in connection with the crimes.

The agency set up "Operation Ghost Click" and spent two years tracking the gang using the DNSChanger malware, eventually seizing 100 servers in New York and Chicago that they reckoned were part of the command and control infrastructure used to control the "clickjacking" business.

"They victimised legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud," the FBI's Janice Fedarcyk, assistant director at its New York office, said at the time.

However, rather than taking them offline at once, which would have left huge numbers of people in the lurch, the FBI took the unusual step of bringing in a private company to keep the servers running, and offered diversion schemes to warn people their computers were affected.

The number of affected users has been falling steadliy, but the FBI reckons that there are still around 45,600 in the US, and between 250,000 and 350,000 worldwide.

The original plan had been to shut down the DNS servers in March, but the FBI delayed that to allow more time for security companies and ISPs to warn customers.

Source: guardian.co.uk