mangalore today

DNSChanger malware may shut down millions of PCs on Monday


Mangalore Today News Network

New York, July 9, 2012 : Lakhs of computers across the world, including thousands in India, are likely to  lose connection to the internet from  today. 
From July 9, nearly three lakh infected computers, including more than 20,000 in India , are set to lose access to the Internet, thanks to the DNSChanger malware , security firms say.

 

DNS july 9 2012


These computers will be logged off because the FBI will shut down some servers.


The problem stems from the malware, which was created by cyber criminals to redirect Internet traffic by hijacking the domain name systems (DNS) of Web browsers.


The ring behind the malware, discovered in 2007, was shut down last year by the FBI, Estonian Police and other law enforcement agencies.


 "Every website has an IP address by default - which is a string of numbers. That is where DNS (domain name system ) comes in - the DNS server routes you to the website when you type in its name," Abesh Bhattacharjee, software applications architect with a reputed multinational software major and SAP mentor, said.


He said the malware modified these numbers on infected computers to redirect them to malicious websites.


"Think of it as your telephone directory. What if someone replaced the phone numbers of genuine people with their choice of numbers? This is what the malware does," Bhattacharjee added.


Beginning in 2007, the cyber ring used the malware to infect approximately 40 lakh computers in more than 100 countries.


There were about 5,00,000 infections in the US alone, including computers belonging to individuals, businesses, and government agencies such as Nasa, the FBI said.


"The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees," the FBI added.


As the virus controlled so much Web traffic, authorities obtained a court order to allow the FBI to operate replacement servers, which allow traffic to flow normally, even from infected computers. But that order expires on Monday.


Thus infected computers won’t be able to access the Internet anymore.


According to the DNS Changer Working Group (DCWG), more than 3,00,000 computers remained infected as of June 11.


The largest number was in the US (69,000), followed by Italy (26,500), India (21,300) and the UK (19,589). Security experts say it’s not clear how many of those computers are active.


"Reaching victims is very difficult, and something we have had issues with for years," Johannes Ullrich, a researcher with the SANS Security Institute, told a news agency.


Tips to save your PC:

-Always keep the firewall on.
-Don’t open unknown email attachments.
- Don’t download or run unknown programs.
-Keep applications and operating system updated.
- Create regular back-ups of critical data.
- Disconnect computer from network & turn it off after use.