Internet D-Day: FBI unplugs thousands of malware victims

Image from www.fbi.gov
Some 200,000 users may be reading this via smartphones, since their PCs won’t connect to the Internet. The FBI has switched off the temporary servers supporting victims of DNSChanger, a widespread malware virus.

­The DNSChanger Trojan, infecting over 4 million computers at its peak, changed the IP addresses of computers trying to surf the web – and rerouted search requests to advertisement web pages.

An international gang behind the virus scooped up over $14 million through the black market advertising scheme.

In November, the FBI arrested the gang, which they had been tracking since 2007. The bureau also seized the hackers’ servers. To avoid disconnecting millions of users in 100 countries, the FBI set up their own clean servers and, together with Facebook, Google and Internet providers, launched an awareness campaign.

Eight months into the campaign, the FBI’s temporary servers were turned off Monday around 04.00 GMT. This means a total blackout for some 211,000 infected computers, according to Reuters. Without a server to assign an IP address to the computer, the PC is as good as blind in the web.

Some experts even dubbed Monday “Internet doomsday”. Major US companies and government agencies are still listed among the infected machines. The only hope for the misfortunate users now is reaching out to the help desk of their Internet provider.

Besides changing the IP, the malicious script also disabled antivirus software. Special online programs had to be designed to check computers for any trace of the DNSChanger, since the only manifestation of the virus's presence was slowed down web surfing. But with antivirus shields down, users now may face new problems.

The FBI was initially planning to shut down their provisional servers in March, but a US district court ruled the servers were to remain operational until July 9. Running the safety net for eight months has cost the agency over $87,000.