clock menu more-arrow no yes

Filed under:

FBI says 360,000 DNSChanger-infected computers may lose web access in July

New, 29 comments

The FBI says that hundreds of thousands of computers are still dependent on servers that replaced those used by the DNSChanger botnet, and will effectively lose internet access if they do not remove malware from their computers by July 9th.

DNSChanger
DNSChanger

The FBI is preparing to shut down servers that have allowed users whose computers are infected with DNSChanger malware to connect to the internet. The massive botnet was shut down last year, but officials realized that without the rogue servers to redirect addresses, infected computers would be unable to surf the web. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken," said Tom Grasso of the FBI. In response, agents swapped out the infected servers for clean ones, but unless the end user actually removes DNSChanger from their computer, they'll remain dependent on the botnet for internet access. Initially, the servers were only supposed to run until March, but a judge extended their use to July 9th.

As the deadline draws closer, however, many users have yet to remove the malware or are unaware that their computers are even infected. At least 360,000 users, the FBI says, remain on the servers, a plurality of which (85,000) are in the US. Paul Vixie, who manages the network, believes that most of the computers are personal home computers at this point, despite DNSChanger reportedly having compromised half of Fortune 500 companies and government agencies as well. For now, the FBI is recommending that users visit the DNS Changer Working Group to see if their machines have been hijacked.