Approximately 64,000 Americans could lose Internet access on Monday thanks to a criminal organization that infected millions of computers around the world with malware called DNSChanger. This malware was used to direct unsuspecting users to rogue servers controlled by the cyber thieves, where they manipulated users’ web browsing activity and used it for ad hijacking, allowing them to make millions of dollars in illicit fees.
Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.
Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
DNS (Domain Name System) is an Internet service that converts user-friendly domain names, such as www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet service providers, computer users would not be able to browse websites, send e-mail, or connect to any Internet services.
After announcing criminal indictments and seizing the rogue servers last November, the FBI obtained a court order and worked with a non-profit to set up temporary clean DNS servers for victims affected by the DNSChanger malware.
But, says Supervisory Special Agent Thomas Grasso of thr FBI Cyber Division, “On July 9, we’re going to be turning off those servers. We’ve been using the last eight months to go out and clean up the infected computers, but we don’t have everybody.” Grasso says he hopes that people “follow our recommendations to: one, determine if they’re affected by this; and then two, fix the problem.” For more information, visit the links below or www.dcwg.org.