For 350,000 unsuspecting Internet users infected with the DNSChanger malware, the Web will cease to function on July 9. Here’s why, and how to check your PC before zero hour.
If you’re one of an unlucky 350,0000 Internet users out there, your Internet connection could black out on July 9.
In an effort to clean up the mess left behind by an “Internet fraud ring,” the FBI is urging Internet users to check their computers for an infection by a DNSChanger, a DNS redirecting malware that infected over 4.2 million computers, and could still affect many.
In November 2011, in an FBI sting called “Operation Ghost Click,” six Estonian nationals were arrested for running a sophisticated crime ring. Their malware, DNSChanger, netted them over $14 million in illicit revenue. The malware in question worked like this: When you click on a link to a website or type in its URL, your computer sends a request to a DNS server, which translates the URL into the appropriate IP address. The IP address is sent back to your browser, which can then find the website in question. The DNSChanger would hijack the requests of infected users and redirect the requests to their own DNS servers. Their DNS servers would then translate the URLs into an illegitimate IP address and trick the browser into displaying a different website. Essentially, trying to access YouTube could send you to a porn site.