Internet Doomsday March 8 - The truth about DNSChanger viruses
While it's true some users may lose their internet access next month, it's not the FBI's fault
By Christina DesMarais | PC World | Published: 14:25, 20 February 2012
Heard the one about the FBI shutting down the internet next month?
Like many memes before it, this dire warning is floating around blogs and sites. It even names March 8 as the day the FBI might "shut down the internet." But relax, that's not really the case.
While yes, an untold number of people may lose their internet connection in less than three weeks, if they do they only have nefarious web criminals to blame and certainly not the FBI.
Related Articles on Techworld
If people end up in the dark on March 8 it's because they're still infected with the malware the FBI started warning people about last November when it shut down a long-standing Estonian web traffic hijacking operation that controlled people's computers using a family of DNSChanger viruses. The malware works by replacing the DNS (Domain Name System) servers defined on a victim's computer with fraudulent servers operated by the criminals. As a result, visitors are unknowingly redirected to websites that distributed fraudulent software or displayed ads that put money into the bad guys' pockets.
Here's the worst part: The malware also prevents security updates and disables installed security software.
To help protect victims, the FBI replaced the rogue servers with legitimate ones - a measure the agency said would be in effect for 120 days. Had it not taken that step and simply shut down the bad servers back in November, infected computers would have been immediately blocked from internet access.
So the current problem isn't that the FBI will be shutting down the internet when the 120 days runs out on March 8, it's that many people and organisations haven't removed the malware from their computers. In fact, as many as half of Fortune 500 companies and government agencies are delinquent in updating, according to some reports.
So how do you know if your computer or router is infected with DNSChanger?
The FBI says the best way to know is to have them checked out by a computer professional, which admittedly isn't very helpful.
However, it does offer a resource paper PDF with guidance to make that determination yourself, although even if you find out your system is infected the FBI says you still need a pro to scrub your machine.
As another alternative, you can use the free Avira DNS Repair Tool to figure out if a computer is using one of the temporary DNS servers. Unfortunately, the tool only works on Windows and doesn't actually remove the Trojan.
Indeed, removing the malware is a challenge, and many people will be cut off from internet access on March 8, reports the security news site KrebsonSecurity. It also notes that the industry and law enforcement group DNSChanger Working Group (DCWG) has a site that can help people check whether their systems are infected.
To get help, network administrators can send a request to one of the members of the DCWG and home users can use the step-by-step instructions at the DCWG website to see if they're infected with the DNSChanger malware.
If you determine your system is infected you can start from scratch and reinstall your operating system, or take the FBI's advice and get help from a professional if you want to remain online after March 8.