Saturday, April 21, 2012

Webageddon In July?

Ken O’Brien

Four million internet users worldwide face a total internet blackout from July 9, thanks to a malicious piece of software that infected their computers without their knowledge.

Hackers infected a network of computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This software turned off antivirus updates and changed the way the computers resolve website addresses behind the scenes through the Internet's domain name system.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

Most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it. The FBI is also undertaking an effort to identify and notify victims who have been impacted by the DNSChanger malware. One consequence of disabling the rogue DNS network is that victims who rely on the rogue DNS network for DNS service could lose access to DNS services. To address this, the FBI has worked with private sector technical experts to develop a plan for a private-sector, non-government entity to operate and maintain clean DNS servers for the infected victims. The FBI has also provided information to ISPs that can be used to redirect their users from the rogue DNS servers to the ISPs’ own legitimate servers. The FBI will support the operation of the clean DNS servers for four months, allowing time for users, businesses, and other entities to identify and fix infected computers. At no time will the FBI have access to any data concerning the Internet activity of the victims.

DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.fbi.gov, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS Servers are a critical component of your computer’s operating environment—without them, you would not be able to access websites, send e-mail, or use any other Internet services.

The FBI has sponsored a service to evaluate whether your computer has been exposed to the virus. Go to the DCWG website to run a free diagnosis. Users of Microsoft Windows can download a malware removal tool at their Help & Support site.
