I have read on the internet that hundreds of thousands of computers might
lose internet access after July 09, 2012. Is this true? They have estimated
that more than 20,000 of such computers are right here in my country. If this
is true, how serious is the threat?
Will you lose internet access? I have no idea.
But many people whose computers have been compromised by malware just might.
If you happen to be one of those people, then yes – there’s a good chance you
could wake up on July 9 to no internet.
I’ll explain what happened, what’s happening in July, what you need to do
to find out if you’re affected, and what to do if you are.
Become a Patron of Ask Leo! and go ad-free!
What happened
In a word, malware.
Last year, malware appeared that infected over half a million computers
worldwide. To understand exactly what this malware did, we need to review
briefly one aspect of how the internet works.
DNS, or the Domain Name System, is the system used
to translate domain names – like “ask-leo.com” – into IP addresses – like
67.225.235.59 (ask-leo.com’s IP address as I write this). It’s the IP address
that locates the actual physical server that houses the website.
machine is infected.”
To perform that mapping, computers are programmed with the IP addresses of
DNS servers – servers which basically answer questions like, “What’s the IP
address for ask-leo.com?” The IP addresses of DNS servers are automatically
provided by your ISP when you connect to the internet, by your router, or you
can configure the DNS server settings in your PC manually.
When this so-called “DNS Changer” malware infected a computer, it altered
the DNS server that a computer would use. Rather than a legitimate DNS server,
PCs were silently reconfigured to use a bogus DNS server.
A DNS server that would sometimes lie.
For example, rather than answering the question, “What’s the IP address for
google.com?” with the correct answer, the rogue DNS server would return a
different IP address: the IP address of a malicious server that was
configured to look like google.com, but in fact, it’s not the real server
at all.
And as long as the malicious server looked enough like Google, the
computer user wouldn’t know until it was too late that something was wrong.
There’d be no error message.
The bogus site (which could be any site the hackers chose, not just
google.com) could itself install more malware, display additional
advertising, or do just about anything that a malicious website could do. All
without warning.
What’s happening in July
In November, the hackers were caught.
But hundreds of thousands of infected machines were left with their DNS
settings pointing to their bogus DNS servers.
So, rather than removing the DNS servers from the internet, the agencies
that caught the hackers instead changed them to be legitimate ones, at least
temporarily.
Apparently at a cost to the government of about $10,000/month.
While this meant that people with infected machines would now be able to
surf the net more safely, it didn’t change the fact that their computers
were, fundamentally, still compromised.
On July 9th, those DNS servers are going away.
On that day, anyone whose computer is still infected and attempting to use
those servers to get DNS answers won’t get an answer at all.
And without DNS, you can’t answer the “What’s the IP address of _____?” for
any internet domain.
Meaning that for those people, the internet will simply stop working.
Let me be clear: the internet will stop working only if your machine
is infected.
Are you affected?
Visit the DNS Changer Working
Group and click the green button labeled “Detect”. (Note: As I write this,
the site appears to be having intermittent problems, probably due to load as
a result of the recent flurry of news reports. Keep trying or try again a
little later.)
This will examine whether or not your computer is affected by the DNS
Changer malware.
If you’re not, you’re done. July 9 will be a non-event for you.
What to do if you’re affected
If dcwg indicates that you’re
affected, the page should also include information on what to do.
The good news is that there are many free tools that are listed as
resolving the issue – free tools from most of the major anti-malware utility
vendors. Specifically,
Windows Defender Offline (formerly Microsoft Standalone System Sweeper)
is listed, and it would probably be the tool I’d reach for first.
After cleaning DNS Changer off of your machine, I would also seriously
review the anti-malware tools that you’re currently using.
Put simply, it should have been caught by now.
Hundreds of thousands may
lose Internet in July – SFGate / San Francisco Chronicle / AP, February
20, 2012.
Manhattan U.S. Attorney
Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme
That Infected Millions of Computers Worldwide and Manipulated Internet
Advertising Business – FBI, November 9, 2011
Might be a good test to run if the site was an actual site, and not a broken link. You can get to the site, but once you click anything, the link is broke. It may be due to many people attempting to use, but just not too sure at all.
21-Apr-2012
Why aren’t you pointing people to the http://www.dcwg.org/ site?
The download appears unnecessary to me. Please explain.
22-Apr-2012
Sorry, it turned out to be a Google ad that probably led to who knows what.
Glad that I’m not the only one that has to say sorry !!
But my laptop did come up very green !!!
If it’s that simple it should be in the Malicious Software Removal Tool Microsoft send each month in updates etc, knowing fully that next to nobody reading your site would skip those?
We could hope.
Great article Leo. THANKS! Lots of questions about this recently from customers. Any idea on the most
affected countries by this?
25-Apr-2012
so how much is it going to cost “me” to keep from losing internet access?? I believe its all about the money……………………………………..
25-Apr-2012
thanks Leo – I wasn’t aware of this and have rapidly checked the family computers. Calmness reigns…
Andrew
Will this affect Macintosh computers?
26-Apr-2012
thx! I’m “green” and that was fast!