I have read on the internet that hundreds of thousands of computers might
lose internet access after July 09, 2012. Is this true? They have estimated
that more than 20,000 of such computers are right here in my country. If this
is true, how serious is the threat?
Will you lose internet access? I have no idea.
But many people whose computers have been compromised by malware just might.
If you happen to be one of those people, then yes – there’s a good chance you
could wake up on July 9 to no internet.
I’ll explain what happened, what’s happening in July, what you need to do
to find out if you’re affected, and what to do if you are.
In a word, malware.
Last year, malware appeared that infected over half a million computers
worldwide. To understand exactly what this malware did, we need to review
briefly one aspect of how the internet works.
DNS, or the Domain Name System, is the system used
to translate domain names – like “ask-leo.com” – into IP addresses – like
220.127.116.11 (ask-leo.com’s IP address as I write this). It’s the IP address
that locates the actual physical server that houses the website.
To perform that mapping, computers are programmed with the IP addresses of
DNS servers – servers which basically answer questions like, “What’s the IP
address for ask-leo.com?” The IP addresses of DNS servers are automatically
provided by your ISP when you connect to the internet, by your router, or you
can configure the DNS server settings in your PC manually.
When this so-called “DNS Changer” malware infected a computer, it altered
the DNS server that a computer would use. Rather than a legitimate DNS server,
PCs were silently reconfigured to use a bogus DNS server.
A DNS server that would sometimes lie.
For example, rather than answering the question, “What’s the IP address for
google.com?” with the correct answer, the rogue DNS server would return a
different IP address: the IP address of a malicious server that was
configured to look like google.com but was not, in fact, the real server.
And as long as the malicious server looked enough like Google, the
computer user wouldn’t know until it was too late that something was wrong.
There’d be no error message.
The bogus site (which could be any site the hackers chose, not just
google.com) could itself install more malware, display additional
advertising, or do just about anything that a malicious website could do. All
What’s happening in July
In November, the hackers were caught.
But hundreds of thousands of infected machines were left with their DNS
settings pointing to their bogus DNS servers.
So, rather than removing the DNS servers from the internet, the agencies
that caught the hackers instead changed them to be legitimate ones, at least
Apparently at a cost to the government of about $10,000/month.
While this meant that people with infected machines would now be able to
surf the net more safely, it didn’t change the fact that their computers
were, fundamentally, still compromised.
On July 9th, those DNS servers are going away.
On that day, anyone whose computer is still infected and attempting to use
those servers to get DNS answers won’t get an answer at all.
And without DNS, you can’t answer the “What’s the IP address of _____?” for
any internet domain.
Meaning that for those people, the internet will simply stop working.
Let me be clear: the internet will stop working only if your machine
Are you affected?
Visit the DNS Changer Working
Group and click the green button labeled “Detect”. (Note: As I write this,
the site appears to be having intermittent problems, probably due to load as
a result of the recent flurry of news reports. Keep trying or try again a
This will examine whether or not your computer is affected by the DNS
If you’re not, you’re done. July 9 will be a non-event for you.
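The same question can also be asked locally, by looking at which DNS servers the machine is configured to use. The following is an added example, not code from the original article or from the DNS Changer Working Group; the function names are hypothetical, it handles IPv4 addresses in `resolv.conf` or English-language `ipconfig /all` text, and the `ROGUE_RANGES` values are placeholder documentation networks, not the real rogue ranges.

```python
import ipaddress

# PLACEHOLDERS: RFC 5737 documentation networks, constructed for this example.
# Substitute the actual DNS Changer rogue server ranges from a source you trust.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV = "# constructed sample\nnameserver 192.0.2.53\nnameserver 192.168.1.1\n"
SAMPLE_IPCONFIG = (
    "   DHCP Enabled. . . . . . . . . . . : Yes\n"
    "   DNS Servers . . . . . . . . . . . : 198.51.100.7\n"
    "                                       8.8.8.8\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

def _parse_ip(token):
    """Return an IPv4Address, or None if the token is not a valid address."""
    try:
        return ipaddress.IPv4Address(token.strip())
    except ValueError:
        return None

def configured_resolvers(text):
    """Pull DNS server addresses out of resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["nameserver"] and len(fields) > 1:  # resolv.conf entry
            ip = _parse_ip(fields[1])
        elif "DNS Servers" in line and ":" in line:            # ipconfig, first entry
            ip, in_dns_block = _parse_ip(line.rsplit(":", 1)[1]), True
        elif in_dns_block and len(fields) == 1:                # ipconfig, continuation
            ip = _parse_ip(fields[0])
            in_dns_block = ip is not None
        else:
            ip, in_dns_block = None, False
        if ip is not None:
            found.append(ip)
    return found

def audit(text):
    """Map each configured resolver to 'rogue', 'private' or 'other'."""
    verdicts = {}
    for ip in configured_resolvers(text):
        rogue = any(ip in net for net in ROGUE_RANGES)
        # 'private' is usually the router, whose own DNS settings need checking.
        verdicts[str(ip)] = "rogue" if rogue else "private" if ip.is_private else "other"
    return verdicts

if __name__ == "__main__": print(audit(SAMPLE_RESOLV), audit(SAMPLE_IPCONFIG))
```

A `private` verdict usually means the router is answering DNS queries for the machine, so the DNS servers configured on the router itself need the same check.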
What to do if you’re affected
If dcwg indicates that you’re
affected, the page should also include information on what to do.
The good news is that there are many free tools that are listed as
resolving the issue – free tools from most of the major anti-malware utility
Windows Defender Offline (formerly Microsoft Standalone System Sweeper)
is listed, and it would probably be the tool I’d reach for first.
After cleaning DNS Changer off of your machine, I would also seriously
review the anti-malware tools that you’re currently using.
Put simply, it should have been caught by now.