Heard the one about the FBI shutting down the Internet next month?
Like many memes before it, this dire warning is floating around blogs and sites. It even names a date: March 8 as the day the FBI might “shut down the Internet.” But relax, that’s not really the case.
While yes, an untold number of people may lose their Internet connection in less than three weeks, if they do they have only nefarious Web criminals to blame and certainly not the FBI.
If people end up in the dark on March 8, it’s because they’re still infected with the malware the FBI started warning people about last November when it shut down a long-standing Estonian Web traffic hijacking operation that controlled people’s computers using a family of DNSChanger viruses. The malware works by replacing the DNS (Domain Name System) servers defined on a victim’s computer with fraudulent servers operated by the criminals. As a result, visitors are unknowingly redirected to websites that distributed fraudulent software or displayed ads that put money into the bad guys’ pockets.
Here’s the worst part: The malware also prevents security updates and disables installed security software.
To help protect victims, the FBI replaced the rogue servers with legitimate ones — a measure the agency said would be in effect for 120 days. Had it not taken that step and simply shut down the bad servers back in November, infected computers would have been immediately blocked from Internet access.
So the current problem isn’t that the FBI will be shutting down the Internet when the 120 days runs out on March 8, it’s that many people and organizations haven’t removed the malware from their computers. In fact, as many as half of Fortune 500 companies and government agencies are delinquent in updating, according to some reports.
So how do you know if your computer or router is infected with DNSChanger?
The FBI says the best way to know is to have them checked out by a computer professional, which admittedly isn’t very helpful.
However, it does offer a resource paper [PDF] with guidance to make that determination yourself, although even if you find out your system is infected, the FBI says you still need a pro to scrub your machine.
As another alternative, you can use the free Avira DNS Repair Tool to figure out if a computer is using one of the temporary DNS servers. Unfortunately, the tool works only on Windows and doesn’t actually remove the Trojan horse.
Indeed, removing the malware is a challenge, and many people will be cut off from Internet access on March 8, reports the security news site KrebsonSecurity. It also notes that the industry and law enforcement group DNSChanger Working Group (DCWG) has a site that can help people check whether their systems are infected.
To get help, network administrators can send a request to one of the members of the DCWG, and home users can use the step-by-step instructions at the DCWG website to see if they’re infected with the DNSChanger malware.
If you determine your system is infected, you can start from scratch and reinstall your operating system, or take the FBI’s advice and get help from a professional if you want to remain online after March 8.