Computers still infected by the DNS Changer malware, part of an Eastern European advertising scam, won't be able to access the Internet Monday, when the FBI is expected to shut down the servers that ran the operation. But there's a fix.
Tens of thousands of personal computer users across the US – among more than a quarter-million worldwide – could be caught by surprise Monday when their web browser shows only a blank screen, cut off from the Internet by a federal judge's court order.
The reason behind the cutoff scheduled for 12:01 a.m., Eastern Daylight Time Monday, is a complex tale – a story of Eastern European cybercriminals whose carefully crafted crimeware burrowed into some 4 million personal computers around the globe.
Now the FBI, which engineered the takedown and is in charge of the cybergang's US-based network of rogue computer servers, is set to shut them down, even though many victims have not yet cleansed their computers of the malware that hijacks their browsers and sends them to the fraudulent servers.
The FBI managed to get a reprieve in March, arguing that only a fraction of the machines had been fixed. Another reprieve could be granted Monday. If not, estimates suggest that 270,000 to 500,000 machines worldwide – perhaps a quarter of those in the US – had not been cleaned up as of late last month. Some 12 percent of all Fortune 500 companies and 4 percent of “major” US federal agencies still have infected computers, according to Internet Identity, a cybersecurity firm in Tacoma, Wash.
"This is an important moment in Internet enforcement," says Alan Paller, director of research for the SANS Institute, a cybersecurity education organization based in Bethesda, Md. "For the first time I can remember government is involved and is telling citizens to protect themselves."