SEARCH

Entries in DNS Changer (2)

Monday
Jul092012

DNS Changer: Is Your Computer Safe?

Hemera/Thinkstock(NEW YORK) -- When the clock struck 12:01 a.m. ET today the FBI pulled the plug on the temporary Internet servers it set up to keep computers online if they were infected with a piece of malware called the DNS Changer. The pulling of the plug had the potential to leave as many as 250,000 worldwide without Internet access.

How widespread was the problem really? If you're able to see this story, that should be a very good sign.

Internet Service Providers (or ISPs), like Comcast, Verizon, and Time Warner Cable, have been working with the FBI since January, pinpointing those with infected computers and instructing them on how to remove the DNS malware. The DNS Changer, the FBI said, was created by overseas hackers who were arrested in 2011.

The FBI provided weekly lists of IP addresses to the Internet companies and, in turn, the companies informed their customers of the issue and instructions on how to remove the malware.

If you received no notification, and want to make sure your machine is not infected, you can check by clicking on this link, run by the DNS Changer Working Group, a team working on cleanup resulting from the malware.

Comcast, Verizon, and Time Warner Cable told ABC News they informed users by sending emails and old-fashioned letters, making phone calls to them, even putting pop-up messages in their browsers.

"We did another last push last week and we even sent another hard copy letter to users. As a result, less than 1 percent of our customers will be affected by today's change," Charlie Douglas, a Comcast spokesperson, told ABC News.

Time Warner Cable said it has been working to make sure that even those affected wouldn't have their Internet shut off. "Time Warner Cable has set up its own DNS servers and any TWC customers infected will continue to be able to use the Internet," Time Warner's Justin Venech told ABC News. "We feel that we are providing a better customer experience if we allow any customers who are infected with this malware to stay online."

Like Comcast and other ISPs, Time Warner said it does not expect many customers to have issues today.

"We do not expect to receive many, if any, incoming customer service calls as a result of this issue," Venech said. Similarly, Comcast's spokesperson said, "We've seen extremely low call volume, but our agents are ready to help customers."

Customer service representatives at the ISPs have been trained to help those who call in with issues because of the DNS changer malware issue. Customers who call in will be walked through the fix. Many companies have also launched sites to help those who are having issues.

video platform video management video solutions video player

Copyright 2012 ABC News Radio

Friday
Jul062012

Will You Lose Internet on Monday?

Fuse/Thinkstock(NEW YORK) -- The FBI's temporary Internet servers will go dark Monday, leaving thousands of unsuspecting malware-infected individuals without online access.

What temporary Internet servers, you ask? They might have been connecting you to Facebook, YouTube, and this very website for the last month, and you didn't even know it.

Why is this happening? It all has to do with a piece of computer malware called DNS Changer.

It started in 2007, when a group of hackers -- six Estonians and one Russian -- allegedly started masquerading as Internet advertisers who were paid by the click, according to an 2011 indictment from the U.S. Attorney General's Office in the Southern District of New York. In other words, if an ad got more clicks, they pocketed more cash.

So they figured out a way to beat the system, according to the indictment. They created a piece of malware, called DNS Changer, that tampered with the DNS -- the thing that takes a website address and finds the numerical IP address to connect you to that website -- redirecting millions of Internet users to sites they didn't search for.

For instance, if your computer was infected and you clicked a link to go to Netflix, you would wind up at "BudgetMatch," according to the FBI. The practice is called "click hijacking."

Once the FBI got around to fixing the problem in 2011, it realized it couldn't simply shut down the rogue servers because infected computers would be left without a functioning DNS, leaving them virtually Internet-less. So it set up temporary servers to give malware-infected Internet users time to fix their computers.

And time runs out on Monday, July 9.

video platform video management video solutions video player

(There isn't a planned attack this Monday that will shut down the Internet; those whose computers are already infected will lose the Band-Aid the FBI put on the problem more than a year ago.)

Who Is Affected?

Initially, there were more than 4 million infected computers in 100 countries, including 500,000 in the United States, according to the indictment.

As of July 4, there are only about 46,000 in the United States, FBI spokeswoman Jenny Shearer told ABC News today. PCs and Apple Macs have been infected. Routers and iPads were hit, too.

As of June, the United Sates had more infected computers that any other country, according to data from the DNS Changer Working Group, or DCWG, a group working on cleanup resulting from the malware.

How Do I Know if My Computer Is Infected?

You can check to see whether your computer is infected by clicking on this link, which is run by DCWG.  If the page is green, you're in the clear. If it's red, your computer is infected.

On Thursday the site got 2 million hits, but very few of those computers were infected, DCWG volunteer Barry Greene told ABC News.

Google and Facebook say they have also set up notifications for infected users. If you type in a search term and see a message that says, "Your computer appears to be infected" at the top of your screen, guess what. Your computer is infected.

Comcast, AT&T and Verizon are among the other organizations notifying customers if they have infected machines.

Important: According to DCWG, you should not need to scan, make changes or download anything to tell whether your computer is infected.

My Computer Is Infected. Now What?

The good news is DCWG has put together a page of trusted tools and a step-by-step guide for how to fix your computer.

The bad news is it can take a day or two actually to fix the problem, Greene told ABC News. That's because the malware is in a deep section of the hard drive called the "boot sector."

"The malware problem out there is nasty, and it's impacted society on multiple levels," Greene said. "It's extremely hard to get rid of. In most companies, if they get infected with it, they throw away the hard drive."

If you can't do that, follow the instructions. They include backing up your files and reinstalling your operating system.

What Do I Do if I Lose Internet on Monday?


The FBI and DCWG recommend contacting your Internet service provider. They'll be able to give you instructions on what to do next.

Copyright 2012 ABC News Radio







ABC News Radio