Thousands will lose Internet connectivity from July 9; but fix is easy

Thousands of Internet users are expected to face an Internet blackout from July 9, 2012 (this coming Monday). Whom will be affected, you ask? The users who’s machines are infected by the DNSChanger malware.

DNSChanger is a piece of malware developed by six Estonian cybercriminals. Over the past five years they have been infecting computers around the globe with DNSChanger, with an estimated four million computers infected. What DNSChanger does is it hijacks the DNS settings on computers and redirects users’ Internet browsing (web searches, website ads, etc.) to spoofed websites which contain advertisements. The more people that visit the spoofed websites and click or view the ads, the more revenue the criminals receive. It is reported that the criminals made $14 million from those ads. Not bad for five years of work, if I do say so myself.

The Federal Bureau of Investigation (commonly known as the FBI) had seized the servers of the attackers who were responsible for the DNSChanger malware, in November 2011. The FBI didn’t close down those servers entirely since that would have affected the users who were infected by the virus, i.e. shutdown their Internet access.

Since the seizure of the servers, the FBI had setup a temporary server setup with the help of a non-profit organization, Internet Systems Consortium, to provide the infected users proper time to get themselves cleaned up. The FBI has been trying to inform and alert the infected users about the malware all this time through different sources.

The servers were originally planned to be shut down on May 2012, but the action had been delayed since the number of infected users was still high during at that time. Even today, as per reports, 304,000 computers still remain infected by the malware, of which 70,000 are in the United States.

Checking whether you are infected by the DNSChanger malware is quite simple and  a fix, if you are indeed infects, is also easy. To check if you are infected, simply visit the DNSChange Check-up website (link given below); the website will tell you whether you are clean or infected, without the need of any download or scan. If you find that your computer has been infected by DNSChanger, you are suggested to visit DCWG Fix section (link below) for details on how you can get yourself clean.

DNSChange Check-up website

DCWG Fix section

[via CNN Money]

Related Posts

  • Quozy

    Had a quick look around re Y2K damage etc., and found the following interesting discussion:-

  • Quozy

    @ DAN

    “I mean, they Y2K bug hogged the media for months before we all found out it was a slightly “over-played” in light of the little damage it actually did.”

    I keep hearing comments like that but I always wonder what would have happened IF little or nothing had been done.

    Perhaps some budding programmer could create a simulation showing worldwide consequences of Y2K if it had been ignored.

  • David

    I just tried to go to, but it is not coming up for me.

    I tried some other ones and they worked fine (including the one for Australia)…
    I’m based in Australia.

  • WildCat

    I had originally seen this about a week ago on the Better Business Bureau’s website:

    From the Better Business Bureau article:

    Arlington, VA – Hundreds of thousands of Internet uses may lose their online access on July 9, 2012, and Better Business Bureau is urging all consumers and businesses to run a quick and easy diagnostic test to see if their computers are infected. The FBI’s DNS Changer Working Group can detect the malware and explain how to fix infected machines.

    “Everyone should check to see if their computer is infected,” urged Katherine Hutt, spokesperson for the Council of Better Business Bureaus. “It takes less than a minute to check and, if your equipment is clean, there is nothing more you need to do. If your computer is infected, the DNS Changer Working Group recommends the necessary steps to save your computer. But this must be done by July 9th or you could lose internet access.”

    Last November, the FBI took down the servers of international hackers operating out of Estonia. The hackers had already successfully downloaded malware onto more than half a million computers, turning off virus updates and redirecting consumers to fraudulent websites. If the servers had simply been shut down, the victims’ computers would no longer be able to access the internet. Instead, the FBI set up clean servers to replace the ones that were running the scam, and victims have been redirected to those clean servers ever since, usually without any knowledge they’d been infected in the first place.

    Originally the rescue servers were to be active until March, but a court ruling extended the program until July 9th. At that time the clean servers will be turned off and anyone who is still infected with the malware will lose their internet access. The FBI believes there are still about 360,000 infected computers in a dozen countries, including the U.S. and Canada.

    For more info on the story you can check out:
    F.B.I. article:Operation Ghost Click
    International Cyber Ring That Infected Millions of Computers Dismantled : … from recent articles I’ve read they estimate that about 64,000 computers in the United States are still infected.

    On a side note: FBI did their job and caught the bad guys AND they replaced the rogue DNS servers with SAFE DNS routing servers that have been in use since then to “provide ISPs the opportunity to coordinate user remediation efforts.” So I say that the FBI did its job in not only capturing the crooks, but went above and beyond in setting up the safe DNS servers that MILLIONS of people have probably used- since November 9, 2011- and not even known about it.

    For those that are ‘skeptical’ about using the FBI’s website you can use the McAfee site. Just go to:
    and click on the Check Now button.

  • ebony

    @Dan: It was in the media on several different stations. That is where I first was made aware of it.

  • Dan

    @Suzan Ragan:

    Why say it would have been nice if the anti-virus companies and/or the computer manufacturers had given us a heads-up on this, when the FBI are the ones who have been following this for so long now? Don’t you think it is they who are in the right place to put out a warning to the public..isn’t that what they are supposed to protect the public from crime in general?

    Another thing is that there are more than a few other people out there beyond the US, who own PCs..or don’t they factor into all of this? If this is such a big deal, then why are we only hearing about it here on this site the day before the event? I mean, they Y2K bug hogged the media for months before we all found out it was a slightly “over-played” in light of the little damage it actually did. But this, being a supposed real threat and no serious coverage on it..or statement regarding it until now?

    This should have been plastered all over the news media and TV..but it wasn’t. The FBI should have started a public program of information about it..but they seem not to have done so. And you say the anti-virus companies and/or the computer manufacturers should have done more? About what? Something that those investigating didn’t even bother to push out there in the first place?

    Aren’t you missing the point here a little?

  • Suzan Ragan

    In regards to @glen and his statement, “I have yet to here of anyone who has had a fail at the site.” or in other words, wondering why everyone seems to be “green” at these check-in sites and have been non-infected that he has heard of. The following are just a few statistics to hopefully clarify things. As of the July 2011 U.S.Census, there are 313,945,886 living in the United States. In a survey conducted by Opinion Research Corporation’s CARAVAN poll, 76% of these people own personal computers, which would be 238,598,873 people. Since there are about 70,000 U.S. computers still infected with the DNSChanger malware, that would be 2.9% of U.S. PC owners, or 1 out of every 3409 PC is infected. Now Glen is supposing that all 70,000 infected computer owners know that their PC’s having been infected, and know about the possibility of losing internet connectivity July 9, and know where to go to check if their PC is infected, and if so, to get it fixed. But, of course, that is absolutely not true. I can’t be sure because I don’t have these statistics, but it is very probable that only a very small percentage of those 70,000 PC customers know anything about this warning. It would have been nice if the anti-virus companies and/or the computer manufacturers had sent out mass emails and/or done television PSA to their customers informing them about the possible upcoming internet problems due to possible infection, but that is water under the bridge.

  • jayesstee


    Exactly! The phrase “Do Pigs Fly” has always meant to me: “If you believe that, you’ll believe anything”.

    Politicians and their tame security organizations don’t understand public skepticism. :=(

  • Dan


    ..apparently in the US..ANYTHING is possible..legallity is another story. :- )

  • jayesstee


    Do pigs levitate?


    Hi & thanks for the Info. Is this the same FBI that’s headed up by that super-ethical, super-honest & super-trustworthy Eric Holder or is there another? I assume that the scan record is always destroyed & erased after they let you know of any infection or am I mistaken?

  • Dan

    You can’t blame folks for having what appears a negative view..I mean, the FBI trying to undo the tricky work of half a dozen east european crooks..while there is no word on how many PCs have been infected by their (CIA) crap malware recently.

    Don’t you think it would be more in keeping to try and undo what they have doen themselves, rather than going after a group of guys just out to make money? I’m not saying what these crooks have done is ok or should be condoned, but I do think it is serious arrogance on the part of the Feds to be doing this and yet doing sod all about the mess their fellow agency has created..and is still more than likely using to snoop on folks all around the world.

    If these 6 guys are crooks, then what does that make the CIA extention, the not doing anything about it?

    If it’s a crime to infect folk with malware/trojans and crap in general..and the FBI is duty bound to go after such people, hten why is the CIA getting away with this? Where is the public accountability in all of this? It can’t be OK for GOVs to do what they like and a crime if we do the exact same thing..and if it is not OK, then you have to ask who are these government bodies really serving and who’s interests they are more concerned with..ours or theirs?

    I could go on about this, but I’m sure you get my point. There has to be a line drawn that should not be all parties.

  • ebony

    Thanks for letting us know how to get some feed back. Never mind the negative comments, comments without a better suggestion is a waste of space.

  • glen

    good idea,let the f.b.I. scan your computer!I have yet to here of anyone who has had a fail at the site.I personally would avoid there page like the plague.

  • Rob (Down Under)

    I am green, but that page says –
    “if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected”
    How do we know if our ISP is redirecting DNS traffic ?

    Life was simpler in my younger days.
    All we had to do was keep the horse and the carrier pigeon well fed.

    PS Did I tick the checkbox below, or is it at last the default ?

  • Druid

    Thanks for the heads-up, tested and I’m clean