While the total number of computers infected with the DNSChanger malware has dropped by about 20 percent since April 2012, the FBI released updated estimates this week regarding the amount of computers in the world that will lose an Internet connection on 12:01 a.m. EDT Monday, July 9. According to an Associated Press report, over 277,000 computers around the world are still infected and approximately 64,000 of those users are located in the United States. In Canada, the number of infected computers has dropped from 25,000 down to 7,000 due to the combined efforts of the Public Safety Canada and the Canadian Radio-television Telecommunications Commission.
The DNS Changer Working Group has setup a special site that allows people around the world to check and see if the malware is on their personal or work computer. To check your computer, click on the “Detect” link on the site and follow the instructions on the page.
If infected, the DCWG site includes instructions on removing the malware which including backing up all data and attempting to remove the malware with tools like Kaspersky Labs TDSSKiller, Hitman Pro, Norton Power Eraser or McAfee Stinger. The page also includes guides on how to use the software successfully as well as frequently asked questions from others that have undergone the same process.
According to security consultant Barry Greene, both Facebook and Google have been working together to see if users have been infected by the DNSChanger malware and offer instructions on how to fix the problem. Internet service providers are also attempting to notify users prior to the July 9 deadline. For instance, Comcast has sent letters and emails to customers with computers infected with the malware. Anyone still infected with the malware on Monday morning will likely have to call up their Internet service provider in order to regain access to the Web. Internet service providers may also direct customers to free malware removal tools on the Web that could help for future issues.
According to FBI supervisory special agent Tom Grasso, approximately fifty Fortune 500 companies still have computers infected with the DNSChanger malware. The majority of those infected users should be experiencing decreased browsing speed and it’s possible that their antivirus software has been disabled.
This can be a particularly difficult problem for large companies as infected computers are likely more susceptible to other forms as malware in addition to more serious computer viruses. Some extremely harmful forms of malware are so destructive that the average computer user has to install a fresh copy of their operating system to regain system control.
The July 9 cutoff date was set by the FBI eight months ago after the federal organization setup replacement servers as a safety net. This gave all users infected with the DNSChanger malware a sizable amount of time to discover and remove the harmful software from their computer. Basically, the malware has been redirecting users through the replacement servers. Before the criminals infecting people with the malware were caught by the FBI, they had been redirecting users to pages filled with online advertising and racked up approximately $14 million with their click-fraud scam.