FBI shuts down DNSChanger servers

The FBI shut down all servers associated with the DNSChanger malware today, potentially cutting off hundreds of thousands of computers from the Internet. When discovered, the DNSChanger malware system was tied to an IT company in Estonia. The malware enabled the company to direct an infected computer to any site it wanted, instead of the intended destination. CBC explains:

When a user would enter the alphanumeric name for a site through their web browser or search engine, the fake DNS server that the virus rerouted the request to would provide an alternate IP address that led to a different website.

Although the FBI shut down the crime ring in November 2011, computers have remained infected with the malware and have continued to use the fake DNS servers. Those servers have been in the FBI’s possession since the raid. Had the FBI shut down the servers immediately, everyone with an infected computer would have lost Internet service at once, because the malware would keep trying to direct their browsers to nonexistent servers. Instead, the FBI held off completely shutting down the rogue servers “to alert victims to the fact that their PC was infected with DNS Changer.” In the interim, the FBI continued running the servers as normal, non-malicious DNS servers. This gave anyone with an infected computer the opportunity to apply a patch without losing Internet service. That, however, ended today. As of this morning, anyone whose computer still contains the malicious software, and therefore still points to the DNSChanger servers, will lose access to the web.

It’s been estimated that hundreds of thousands of computers will lose access today. Security firm Bitdefender believes that many Fortune 500 companies may still be infected, with the top five countries being the US, Italy, India, the UK, and Germany. However, PCPro explains that in the past six months since its discovery, consumers “have already been alerted, as ISPs, Google and Facebook have been warning users.” While some individual users may still be infected, security company F-Secure's advisor Sean Sullivan believes that infected computers are mostly “going to be tucked away in small/medium businesses.”

While actual numbers have yet to be reported, F-Secure says the transition appears to be going smoothly. According to F-Secure, the FBI has shut down all servers and “Internet Service Providers have configured their own substitute DNS servers and are continuing to work the problem.” This update confirms that ISPs are attempting to diminish any potential harm the shutdown may cause. Due to these steps, MSNBC reports that as of this morning there has been very little impact on web users.