Will the Government Shut Down Your Computer July 9?
This article was first published in February, before the cutoff date for computers infected by the DNSChanger Trojan was extended to July 9, 2012. Everything in this article still applies -- and there will definitely not be another extension of the cutoff date.
You may have heard recently that the FBI will be "turning off the Internet" on July 9 for millions of computer users. That's not quite the case, but it's still a serious situation.
To clear up the misunderstandings about this problem, we've put together a list of frequently answered questions.
Will I lose Internet access on July 9?
Probably not. But to be sure, point your Web browser to http://dns-ok.us/ to find out. If you see green, you're fine.
What if I see red?
Then you've got a problem. The first thing to do will be to change some technical settings on your computer. Click here for instructions on how to do so. That will make sure you still have Internet access when the fateful day comes.
The second thing to do will be to update and run strong anti-virus software that will clean up your machine, because these particular malware infections are pretty nasty. You'll probably have to pay for the software. Here's a list of recommended anti-virus software.
If you clean up your computer and you're still seeing red, your home or office router may be infected. If so, it's probably easiest to buy a new one.
I'm using a Mac. Do I need to worry?
Yes. There are many forms of malware involved, and some affect Macs as well. Here's a list of Mac anti-virus software.
Any chance the deadline will be extended beyond July 9?
No. The government originally set the cutoff date for March 8, but a judge extended it to July 9 — you can read the motion here. Many security professionals would have preferred to stick to the original deadline, and their opinions have held sway this time.
Why? That seems awfully mean.
It's not really. The infected computers and routers have to be cleaned up sometime, and it might as well be sooner rather than later.
But I'm only hearing about this now!
The mainstream press started reporting on this four months ago, and then forgot about it. In any case, you've still got a few days to fix the problem.
I'm still confused. What exactly happened?
(Deep breath.) For about five years, a cybercriminal ring based in Estonia ran a "clickjacking" scam that paid it every time people clicked on online ads it had placed. To boost revenue, the gang used various kinds of malware to infect millions of computers and networking devices worldwide.
I don't get it.
Follow me here. The malware changed the infected machines' settings so that people searching for various things online would be redirected to webpages that the criminals controlled, and on which the criminals had placed the ads that made them money.
Here's a YouTube video that shows how it worked. (Despite what happens in the video, the malware affects Firefox too.)
So what's wrong with that?
It doesn't sound so bad at first, but the gang defrauded online ad-placement companies of about $14 million over those five years. Even worse, the gang's malware often disabled anti-virus and operating-system updates on the infected computers, leaving them vulnerable to other kinds of infection.
Wow. How many people were affected?
About four million computers and network routers were infected worldwide, including about a million in the U.S. The FBI explains it all here.
How did the malware infect computers?
Through "drive-by downloads" from infected Web pages, and through Trojan horses such as phony online-video software downloads.
How many people are still infected?
We don't know for certain. One estimate is that 300,000 computers worldwide could lose Internet access on July 9. Another recent figure states that more than 10 percent of the Fortune 500 companies have at least one infected computer, but if you read between the lines that could mean as few as 60 PCs — or as many as half a million.
I still don't get it. How did the infection affect Internet access?
When you type in a Web address, your computer doesn't actually understand what you're asking for. Instead, it looks up what you typed on what's called a Domain Name System server, which tells your computer where to go. Most computers use the DNS server supplied by their Internet service providers.
I'm lost already. DNS what?
Think of a DNS server as a phone book or a map that every Internet service provider has a copy of.
Okay. So the bad guys changed the phone books?
Exactly. And the fake phone books took infected computers to rogue websites where the bad guys put up ads.
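For readers who want to see which "phone book" a machine is actually using, here is an added example (not part of the original article) that reads a Unix-style `resolv.conf` and labels each configured DNS server. The function names are hypothetical and the rogue ranges are placeholder documentation blocks; the real DNSChanger ranges are not given on this page and must come from the FBI's published list.

```python
import ipaddress

# Placeholder ranges (RFC 5737 / RFC 3849 documentation blocks), NOT the real
# DNSChanger ranges: substitute the rogue-server list published by the FBI.
ROGUE_NETS = [ipaddress.ip_network(n) for n in
              ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# resolv.conf written by a DHCP client
nameserver 192.0.2.53
nameserver 192.168.1.1   # home router
nameserver 2001:db8::53
nameserver 9.9.9.9
nameserver not-an-address
"""

def parse_resolvers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    resolvers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]   # strip comments
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]   # drop an IPv6 zone id such as %eth0
        try:
            resolvers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue                        # skip malformed entries
    return resolvers

def classify(resolver, rogue_nets=ROGUE_NETS):
    """Label one resolver as 'rogue', 'local' or 'ok'."""
    if any(resolver.version == net.version and resolver in net
           for net in rogue_nets):
        return "rogue"
    # A private, link-local or loopback resolver is the router or a local
    # stub: the real upstream is configured there and must be checked too.
    if resolver.is_private or resolver.is_link_local or resolver.is_loopback:
        return "local"
    return "ok"   # only means "not on the rogue list"

def check_config(resolv_conf_text):
    """Return (address, label) pairs for every valid nameserver line."""
    return [(str(r), classify(r)) for r in parse_resolvers(resolv_conf_text)]

if __name__ == "__main__":
    for addr, label in check_config(SAMPLE):
        print(f"{addr:15} {label}")
```

A "local" result is why a cleaned-up computer can still show red: the computer only points at the router, and the router's own DNS setting is what was changed.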
Will this affect email as well?
Yes. DNS servers also translate Internet addresses for email software.
So what does the FBI have to do with this?
The FBI shut down the rogue DNS servers — there were about 100 of them — but in order to keep all those infected users online, it got a court order to keep the fake phone books in place for another four months, until March 8, and then for another four months again, until July 9.
And that court order expires July 9?
So what happens then?
The fake phone books get taken offline. Because the infected machines still relying on them will no longer be able to translate Web addresses, those machines will effectively go offline too.
Why can't the FBI just keep them up longer without a court order? After all, they're part of the government.
The FBI isn't actually running those servers. That's being handled by a non-profit company in Silicon Valley which isn't in the business of law enforcement, and it doesn't want to step into murky legal territory.