Will your internet stop working this summer?
In November 2011, after a two year investigation, the FBI arrested six Estonian nationals and charged them with running a sophisticated Internet fraud ring that infected more than 4 million computers in 100 countries with malware that enabled them to manipulate internet advertising and leaving infected machines vulnerable to a host of other malicious software. Owners of the infected machines were unaware that their system had been compromised.
Back in 2007, the ring started using a class of software called DNSChanger rerouting unsuspecting users to servers controlled by the parties involved. DNS (Domain Name System) servers are a critical piece of the internet that allows us to have user friendly domain names such as averageamericanfamily.com or fbi.gov. Without these user friendly names it would be very difficult for us to navigate the internet and send email.
This malware worked by directing a person on an infected computer to an illegitimate site that looked similar to the site they were trying to go to or sold products similar to the ones the legitimate site sold. It is estimated that these thieves collected over $14 million in illicit fees and by doing this deprived legitimate website operators and advertisers of substantial revenue.
To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.
To find out if your computer is affected, go to http://www.dcwg.org/. This site was setup for the sole purpose of helping victims of this malware.