Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Will I lose internet access in July?

I have read on the internet that hundreds of thousands of computers might
lose internet access after July 09, 2012. Is this true? They have estimated
that more than 20,000 of such computers are right here in my country. If this
is true, how serious is the threat?

Will you lose internet access? I have no idea.

But many people whose computers have been compromised by malware just might.
If you happen to be one of those people, then yes – there’s a good chance you
could wake up on July 9 to no internet.

I’ll explain what happened, what’s happening in July, what you need to do
to find out if you’re affected, and what to do if you are.

Become a Patron of Ask Leo! and go ad-free!

What happened

In a word, malware.

Last year, malware appeared that infected over half a million computers
worldwide. To understand exactly what this malware did, we need to review
briefly one aspect of how the internet works.

DNS, or the Domain Name System, is the system used
to translate domain names – like “ask-leo.com” – into IP addresses – like
67.225.235.59 (ask-leo.com’s IP address as I write this). It’s the IP address
that locates the actual physical server that houses the website.

“… the internet will stop working only if your
machine is infected.”

To perform that mapping, computers are programmed with the IP addresses of
DNS servers – servers which basically answer questions like, “What’s the IP
address for ask-leo.com?” The IP addresses of DNS servers are automatically
provided by your ISP when you connect to the internet, by your router, or you
can configure the DNS server settings in your PC manually.

When this so-called “DNS Changer” malware infected a computer, it altered
the DNS server that a computer would use. Rather than a legitimate DNS server,
PCs were silently reconfigured to use a bogus DNS server.

A DNS server that would sometimes lie.

For example, rather than answering the question, “What’s the IP address for
google.com?” with the correct answer, the rogue DNS server would return a
different IP address: the IP address of a malicious server that was
configured to look like google.com, but in fact, it’s not the real server
at all.

And as long as the malicious server looked enough like Google, the
computer user wouldn’t know until it was too late that something was wrong.
There’d be no error message.

The bogus site (which could be any site the hackers chose, not just
google.com) could itself install more malware, display additional
advertising, or do just about anything that a malicious website could do. All
without warning.

What’s happening in July

In November, the hackers were caught.

But hundreds of thousands of infected machines were left with their DNS
settings pointing to their bogus DNS servers.

So, rather than removing the DNS servers from the internet, the agencies
that caught the hackers instead changed them to be legitimate ones, at least
temporarily.

Apparently at a cost to the government of about $10,000/month.

While this meant that people with infected machines would now be able to
surf the net more safely, it didn’t change the fact that their computers
were, fundamentally, still compromised.

On July 9th, those DNS servers are going away.

On that day, anyone whose computer is still infected and attempting to use
those servers to get DNS answers won’t get an answer at all.

And without DNS, you can’t answer the “What’s the IP address of _____?” for
any internet domain.

Meaning that for those people, the internet will simply stop working.

Let me be clear: the internet will stop working only if your machine
is infected
.

Are you affected?

Visit the DNS Changer Working
Group
and click the green button labeled “Detect”. (Note: As I write this,
the site appears to be having intermittent problems, probably due to load as
a result of the recent flurry of news reports. Keep trying or try again a
little later.)

This will examine whether or not your computer is affected by the DNS
Changer malware.

If you’re not, you’re done. July 9 will be a non-event for you.

What to do if you’re affected

If dcwg indicates that you’re
affected, the page should also include information on what to do.

The good news is that there are many free tools that are listed as
resolving the issue – free tools from most of the major anti-malware utility
vendors. Specifically,
Windows Defender Offline
(formerly Microsoft Standalone System Sweeper)
is listed, and it would probably be the tool I’d reach for first.

After cleaning DNS Changer off of your machine, I would also seriously
review the anti-malware tools that you’re currently using.

Put simply, it should have been caught by now.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

10 comments on “Will I lose internet access in July?”

  1. Might be a good test to run if the site was an actual site, and not a broken link. You can get to the site, but once you click anything, the link is broke. It may be due to many people attempting to use, but just not too sure at all.

    I actually mentioned that in the article you just commented on. Be patient. Try again later.

    Leo
    21-Apr-2012
    Reply
  2. Why aren’t you pointing people to the http://www.dcwg.org/ site?

    The download appears unnecessary to me. Please explain.

    I don’t know what download you’re talking about. The article does link to dcwg.org.

    Leo
    22-Apr-2012
    Reply
  3. If it’s that simple it should be in the Malicious Software Removal Tool Microsoft send each month in updates etc, knowing fully that next to nobody reading your site would skip those?

    We could hope.

    Reply
  4. Great article Leo. THANKS! Lots of questions about this recently from customers. Any idea on the most
    affected countries by this?

    I don’t know, but I believe some of the resources linked to in the article include that if you drill down far enough.

    Leo
    25-Apr-2012
    Reply
  5. so how much is it going to cost “me” to keep from losing internet access?? I believe its all about the money……………………………………..

    Shouldn’t cost you a thing. The test and all of the fix it utilities referenced by the pages are all free.

    Leo
    25-Apr-2012

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.