Malware may knock thousands off Internet on Monday

Jul 05, 2012 by LOLITA C. BALDOR
This undated handout image provided by The DNS Changer Working Group (DCWG) shows the webpage resulting from not having the DNS malware. It will only take a few clicks of the mouse. But for hundreds of thousands of computer users, those clicks could mean the difference between staying online and losing their connections. Tens of thousands of Americans may still lose their Internet service Monday July 9, 2012 unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago. (AP Photo/DNC Changer Working Group, FILE )

Despite repeated alerts, tens of thousands may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States.

The Canadian Internet Registration Authority said about 25,000 of the computers initially affected by the malware were in Canada, but now only about 7,000 machines remain infected there, according to Canadian Internet Registration Authority spokesman Mark Buell.

He said his organization, together with Public Safety Canada and the Canadian Radio-television Telecommunications Commission, has developed an online site where computer users can check their computers for the malware.

People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

And while it was the first time they'd done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.

The temporary Internet system they set up, however, will be shut down at 12:01 a.m. EDT (0401 GMT) Monday, July 9.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: www.dcwg.org .

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

Explore further: Yelp adds hotel and winery bookings with new partnerships

4 /5 (5 votes)
add to favorites email to friend print save as pdf

Related Stories

Hackers pick Google's pocket with Mac virus

May 01, 2012

A virus infecting Macintosh computers is picking Google's pocket by hijacking advertising "clicks," tallying as much as $10,000 daily, according to Internet security firm Symantec.

Apple out to kill widespread Macintosh virus

Apr 11, 2012

Apple said it is crafting a weapon to vanquish a Flashback virus from Macintosh computers and working to disrupt the command network being used by hackers behind the infections. ...

Facebook teams with McAfee to tighten security

Jan 13, 2010

Facebook has announced an alliance with Internet security specialty firm McAfee to get user of the world's leading online social network to better protect their computers.

Comcast tries pop-up alerts to warn of infections

Oct 10, 2009

(AP) -- Comcast Corp. wants to enlist its customers in a fight against a huge problem for Internet providers - the armies of infected personal computers, known as "botnets," that suck up bandwidth by sending spam and facilitating ...

Recommended for you

Ebola.com domain sold for big payout

4 hours ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Facebook goes retro with 'Rooms' chat app

Oct 23, 2014

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

User comments : 5

Adjust slider to filter visible comments by rank

Display comments: newest first

casualjoe
Jul 05, 2012
This comment has been removed by a moderator.
Bowler_4007
1 / 5 (1) Jul 05, 2012
Reformat!
and then find that the windows disc you you burned last week is also infected
PoppaJ
not rated yet Jul 05, 2012
Why not post the files involved. If a CSR at you internet, cable, satellite or phone provider will help when it happens why not give us the info now. I work for the worlds largest satellite provider, why haveI not heard even a whisper of this. I work in a department that would need to know. There is just something not right about all this. Especially since the only way to get resolution is through the government.
frajo
3 / 5 (2) Jul 06, 2012
As always, no mentioning of the affected operating system or systems.
Nobody has the guts to name Windows.

I don't use Windows, I don't use any antivirus software, and I never had any working malware since 20 years.

It's obvious that the press (in this case Associated Press) tries to be Microsoft's best friend by twisting the truth by omitting unpleasant details. It's less obvious why, but everybody is entitled to have his well educated guess.
Bowler_4007
1 / 5 (1) Jul 06, 2012
As always, no mentioning of the affected operating system or systems.
Nobody has the guts to name Windows.

I don't use Windows, I don't use any antivirus software, and I never had any working malware since 20 years.

It's obvious that the press (in this case Associated Press) tries to be Microsoft's best friend by twisting the truth by omitting unpleasant details. It's less obvious why, but everybody is entitled to have his well educated guess.

Have you been reading the comments at all? I mentioned Windows you plank
Deathclock
1 / 5 (1) Jul 06, 2012
If you understood the details of this particular malware you'd understand that windows was chosen not because of any security features of the OS (or lack thereof) but due to the number of users, in order to reach as many people as possible.

Stop being a tool.