FBI to shut down servers in DNSChanger virus war
The FBI has today shut down several servers used for malware called DNSChanger, which could leave up to 300,000 computers without internet access.
The server shutdown is the latest and final stage in a battle the FBI has been involved in for several years. DNSChanger was first detected in 2007, and at one point had infected over 4 million computers in 100 countries. The FBI arrested six people in Estonia and seized their servers in November 2011, but decided not to shut them down immediately as it would have left millions without internet access.
Most computers automatically use the server of their internet service provider (ISP), but the malware would force them to use the DNSChanger servers instead. The DNSChanger servers would hijack the domain name look-up function of infected computers; whichever domain name a user typed into the browser address bar, they would be redirected to an advertising site. The hackers earned an estimated £9 million from advertising in this way.
DNS Changer: are you affected?
Put simply, if you’re reading this, you’re not affected. Any computers using the servers would have lost all internet access at around 5am today. Furthermore, the Guardian said those affected “will already have ignored multiple warnings from services such as Google”, while many ISPs have been alerting users who appear to be infected. However, stats gathered by the FBI indicate 19,589 computers in the UK are still using the DNSChanger servers, along with over 20,000 in India and Italy, and a huge 69,517 in the US.
Adrian Mursec, senior developer at theEword, said: “It seems the FBI has done a good job minimising the impact of this important shutdown. Unfortunately, those affected might be the less tech-savvy members of the public who didn’t understand the warnings they received. To restore internet access, those affected will need to call their ISP’s customer service helpline and follow their instructions.”