Internet users scanning their Twitter feeds or Facebook accounts Sunday might want to add one more quick click to check their computer for malware.
Thousands of people around the country whose computers were infected with the malicious DNSChanger software more than a year ago faced the possibility of not being able to get online after midnight EDT.
At 12:01 a.m. EDT, the FBI planned to shut down the Internet servers set up as a temporary safety net to keep infected computers online for the past eight months. The court order the agency obtained to keep the servers running expired, and it was not renewed.
The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.
In a highly unusual move, the FBI set up the safety net. The bureau brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.
The FBI arranged for a private company to run a website — http://www.dcwg.org — as a place where computer users could go to see if their computer was infected by DNSChanger, and find links to other computer security business sites where they could find fixes for the problem. (If you want a quick check of your computer’s status, the FBI-authorized dns-ok.us site is fast — no software is required for the scan.)
From the onset, most victims didn’t even know their computers were infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
Many computer users don’t understand the complex machines they use every day to send email, shop and cruise for information. The cyberworld of viruses, malware, bank fraud and Internet scams is often distant and confusing, and warning messages may go unseen or unheeded.
Also, some people simply don’t trust the government, and believe that federal authorities are only trying to spy on them or take over the Internet. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens’ computers. That’s a charge the FBI and other cybersecurity experts familiar with the malware quickly denounce as ridiculous.
Still, the Internet is flooded with conspiracy theories:
“I think the FBI just wants everyone to go to that website to check our computers so they can check our computers as well. Just a way to steal data for their own research,” one computer user said in a posting on the Internet.
Another observed: “Yet another ploy to get everyone freaked out … remember Y2K.”
There also is an underlying sense that this will be much ado about nothing, such as the approach of 2000. The transition to that year presented technical problems and fears that some computers would stop working because they were not set up for the date change. In the end there were very few problems.
Considering there are millions of Internet users across the country, several thousand isn’t a big deal, unless you’re one of them.
Rep. Jim Langevin, D-R.I., and co-founder of Congress’ cybersecurity caucus, said computer uses have a responsibility to practice good sense and make sure their computers are not infected or being hijacked by criminals.
“These types of issues are only going to increase as our society relies more and more on the Internet, so it is a reminder that everyone can do their part,” he said.
FBI officials have been tracking the number of computers they believe still may be infected by the malware. As of Wednesday, there were about 45,600 in the U.S. — nearly 20,000 less than a week ago. Worldwide, the total is roughly 250,000 infected. The numbers have declined steadily, and recent efforts by Internet service providers may limit the problems on Monday.
Tom Grasso, an FBI supervisory special agent, said many Internet providers have plans to try to help their customers. Some may put technical solutions in place that will correct the server problem. It they do, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.
Other Internet providers are simply braced for the calls to their help lines.
By Monday, if you can’t read this online, those customer support lines will be your only solution.