Internet shutdown looms for some

2012-07-06 09:32
Computers infected with malware may lose their internet connection. (AP)

Computers infected with malware may lose their internet connection. (AP)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Washington - Tens of thousands of computer users around the world infected with malware in 2011 may lose their internet access with the expiration of a fix by US authorities, security experts say.

The problem stems from malware known as DNS Changer, which was created by cybercriminals to redirect internet traffic by hijacking the domain name systems of web browsers.

The ring behind the DNS Changer virus, discovered in 2007, was shut down last year by the US Federal Bureau of Investigation (FBI), Estonian police and other law enforcement agencies.

Because the virus controlled so much web traffic, authorities obtained a court order to allow the FBI to operate replacement servers which allow traffic to flow normally, even from infected computers.

But that order expires on Monday, when experts say infected computers will face an "internet doomsday".

Infected

The FBI, Facebook, Google, internet service providers and security firms have been scrambling to warn users about the problem and direct them to fixes.

According to a working group set up by experts, more than 300 000 computers remained infected as of 11 June.

The largest number were in the US (69 000), but more than a dozen countries - including Italy, Germany, India, Britain, Canada, France and Australia - are also believed to have infected computers.

Security experts say it's not clear how many of those computers are active.

"Reaching victims is a very hard problem, and something we have had issues with for years," said Johannes Ullrich, a researcher with the Sans Security Institute.

But he said he expected the impact to be "minimal" because many of these systems are no longer used or maintained.

Users who think they are infected may perform a test at the DNS Changer Working Group's website or others operated by various security firms.

Malware

The security firm Internet Identity said last week that at least 58 of all Fortune 500 companies and two out of 55 major government entities had at least one computer or router that was infected with DNS Changer.

That's an improvement over January, when half of Fortune 500 companies and US federal agencies were infected.

"DNS Changer is an insidious form of malware affecting everyone from the everyday consumer to a large chunk of the Fortune 500," said IID chief executive Lars Harvey.

IID said that the malware also compromises computers by preventing antivirus software updates.

"This enables criminals to view any data, messages exchanged and more on a victim's computer, depending on what the victims' machines are infected with," the company said.

The security firm McAfee, which also offers a diagnostic tool, said users must act before Monday to clean their computers.

"If users' computers have the wrong DNS settings for the servers, they will not be able to access websites, send e-mail or use internet services," a McAfee statement said.

Blackout

Google said in May it was seeking to notify 500 000 users of likely infections who were using the FBI servers.

Google spokesperson Jay Nancarrow said on Thursday it was not clear how many remain infected.

"We've notified many people and have seen some clean-up as a result, but we expect others with affected devices will likely encounter problems after the deadline passes," he said.

For computers affected, the blackout will be total, experts say.

"Connectivity will be lost to the internet period," said a blog posting from the security firm Symantec.

"If your computer is still using DNS entries that are pointing to the FBI servers on 9 July, you will lose total access to the internet. No connecting to the office from home, no updating Facebook, nothing until the DNS settings are fixed."

Six Estonians and a Russian were charged last November with infecting computers, including Nasa machines, with the malware as part of an online advertising scam that reaped at least $14m.

The internet fraud, which took place between 2007 and October 2011, involved redirecting users searching for websites such as iTunes, Netflix and even the US tax collection agency.

At least four million computers located in over 100 countries may have been infected.
Read more on:    internet  |  cybercrime

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X

linking and moving

2015-04-22 07:36

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
7 comments
Comments have been closed for this article.

Inside News24

 
/News

Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.