If you’re one of an unlucky 350,000 Internet users out there, your Internet connection could black out on July 9.
In an effort to clean up the mess left behind by an “Internet fraud ring,” the FBI is urging Internet users to check their computers for an infection by a DNSChanger, a DNS redirecting malware that infected over 4.2 million computers, and could still affect many.
In November 2011, in an FBI sting called “Operation Ghost Click,” six Estonian nationals were arrested for running a sophisticated crime ring. Their malware, DNSChanger, netted them over $14 million in illicit revenue. The malware in question worked like this: When you click on a link to a website or type in its URL, your computer sends a request to a DNS server, which translates the URL into the appropriate IP address. The IP address is sent back to your browser, which can then find the website in question. The DNSChanger would hijack the requests of infected users and redirect the requests to their own DNS servers. Their DNS servers would then translate the URLs into an illegitimate IP address and trick the browser into displaying a different website. Essentially, trying to access YouTube could send you to a porn site.
How did DNSChanger benefit its creators and harm its victims?
1. Directing users away from a legitimate site denies that site the traffic (and ad revenue) it would have had.
2. Redirected users were funneled to the website of the ring’s customers, who believed they were paying for traffic from Internet users who intended to click on their ads.
3. Users who were redirected to the website of a business due to the ring may have been perceived as being illegitimate businesses.
4. The DNSChanger was built to also prevent users from cleaning the malware using anti-virus software, which then would prevent users from protecting themselves against other viruses and malware.
Due to millions of Internet users who were infected and relying on these fake DNS servers to access websites, the government decided against immediately shutting it down and instead opted to convert them to temporary clean DNS servers. But having cleaned all but 350,000 devices, DWCG, the organization tasked to maintain and oversee the servers, announced that the servers will be shut down on July 9. Consequently, infected devices will lose access to the Internet.
If you’d like to check to see if your computer is DNSChanger-free or have been infected, you can visit DWCG’s site and have your computer checked in a diagnosis that takes mere seconds. If you’re given the clean bill of health you should be green-lighted like below.