The US government has secured an extension to keep computers infected with the DNSChanger malware connected to the internet until July 9th. The move prolongs the original date of March 8th set by the Southern District of New York court, which would have seen the remaining infected systems be cut off from the web. Systems infected with DNSChanger — which were originally reported to number about four million worldwide, including systems at half of all fortune 500 companies and US federal agencies — currently access the internet through temporary DNS servers that replaced the rogue servers seized by the FBI. While the instances of DNSChanger appear to have dropped significantly, the original 120 days to clean out the malware apparently wasn't enough.
Over the last month, the temporary servers routed an average of 430,000 infected IP addresses according to the government request for extension. Security firm Internet Identity also found that at least 94 Fortune 500s and three major government agencies are still infected with DNSChanger. The remaining infected systems will now have an additional four months to get rid of the malware before having their DNS pulled.
It's estimated that DNSChanger generated close to $14 million in illicit advertising money via click hi-jacking and replacing online ads. The six individuals who were allegedly responsible for releasing the malware have been cleared for extradition by an Estonian court to face trial in the US.