DNSChanger: Internet 'Doomsday' Feared As FBI Shuts Off Gang's Servers

Posted: Updated:
Print Article

A virus which spread almost a year ago could cripple 20,000 UK computers on Monday, as the FBI switches off a fraud gang's servers which were commandeered in 2011.

The purpose of the virus was to change victims' internet settings to make them visit fraudulent websites. The fraudsters earned more than $14m through the scheme.

The DNSChanger botnet was installed on hundreds of thousands of machines until the FBI in the US managed to uncover the source of the fraud about 12 months ago.

Seven people have been charged for a range of crimes, including wire fraud, computer intrusion conspiracy and money laundering and more, and could face decades in prison.

However because the virus needs to access the botnet's servers to keep infected users online, the FBI were unable to shut it down right away. If they had, thousands would have lost internet access immediately.

Instead they have had to leave the virus' servers online for more than a year - and a planned switch-off in March also had to be delayed because hundreds of businesses still hadn't cleaned their machines.

But on Monday the FBI will be turning the botnet off for good - and that could leave thousands stranded:

  • Around 20,000 people in the UK and hundreds of thousands in the US are still thought to be infected.
  • Up to four million machines were originally infected in the US, but that is now closer to 300,000.
  • Italy (26k), Germany (18k) and India (21k) all have thousands of machines that could be shut down when the servers are turned off.

Users have been warned by several sources, including Google, Facebook and ISPs, that they need to run anti-virus software on their machines and remove the virus before it is too late.

But many have ignored the warnings and are now facing 'Internet doomsday'.

Internet security firm Kaspersky has even released a free tool to uninstall the virus, and has encouraged anyone still affected to do so before the switchover.

In November, the FBI explained: "To carry out the scheme, the defendants and their co-conspirators used what are known as “rogue” Domain Name System (“DNS”) servers, and malware (“the Malware”) that was designed to alter the DNS server settings on infected computers. Victims’ computers became infected with the Malware when they visited certain websites or downloaded certain software to view videos online."

"The Malware altered the DNS server settings on victims’ computers to route the infected computers to rogue DNS servers controlled and operated by the defendants and their co-conspirators."

Around the Web

What the 'Internet doomsday' virus is and how to fix it

Malware Attack Threatens to Kick Users Offline Monday

How to survive internet doomsday

'Internet doomsday' a ticking time bomb

World isn't going to end — and neither are the doomsday fears