Criminal 'malware' threatens Internet service Monday
Published Thursday, July 5, 2012 7:01AM EDT
Last Updated Thursday, July 5, 2012 7:38PM EDT
Malicious software created by a criminal gang running an online scam has infected millions of computers worldwide and threatens to cut off Internet service to tens of thousands of users Monday.
Warnings about the malicious program, known as a DNS Changer, have been carried on social networks like Facebook and by search giant Google.
The U.S. Federal Bureau of Investigation has also set up a special advisory website.
Computer users are being urged to check their systems for the so-called malware that could have infected their machines up to a year ago.
Even though there have been ample warnings, at least 277,000 machines are believed to still be infected around the globe, down slightly from about 360,000 in April. The FBI believes around 64,000 of the remaining infections are in the U.S.
Six Estonians were charged with running the scam last year after a two-year FBI investigation called “Operation Ghost Click.”
Beginning in 2007, the cyber ring used “DNS Changer” malware to infect about four million computers in more than 100 countries, including 500,000 in the U.S., the FBI said.
The program essentially redirects users from a site they’re looking for to one operated as part of the scam, typically offering fake and dangerous products.
The FBI said the ring generated about US$14 million in illegal fees.
But when the FBI and Estonian police closed in on the suspects, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.
In response, the FBI set up a safety net and brought in a private company to install two clean Internet servers to take over for the ones being used by the gang.
That temporary system will be shut down at 12:01 a.m. EDT on Monday, possibly leaving infected users without online access.
How to find out if you’re infected
To determine if a computer is infected and to clean it out by the deadline, users can visit the DNS Changer Working Group’s website for information.
The site offers links that can detect the malware, information on how to fix it and ways to protect a computer from future problems.
Internet providers may also come up with technical solutions that they will put in place Monday.
Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer.
Facebook users would get a message that says, “Your computer or network might be infected,” along with a link that users can click for more information.
Google users got a similar message, displayed at the top of a Google search results page. It also provided information on correcting the problem.
In addition to individual computer owners, about 50 Fortune 500 companies are still infected, the FBI says.