July 5, 2012
On July 9, thousands of Internet users worldwide could lose access after the FBI shuts down temporary DNS servers that replaced fraudulent servers operated by hackers.
Major companies and US government agencies are amongst those that could be blocked out, according to the Internet security firm IID.
The blackout will affect systems infected with the DNSChanger Trojan, a malware program that altered user searches and redirected them to pages offering fraudulent and, in some cases, dangerous products.
Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites.
On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC) to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down. These users were advised to take steps to get rid of the malware on their computers, and the DNSChanger Working Group was set up by the computer industry and law enforcement to come up with a plan to phase out the surrogate servers.
The FBI was initially planning to shut down their provisional servers in March, but a US district court ruled the provisional servers were to remain operation until July 9.
Running the temporary servers for eight months has cost the FBI $87,000.
With the looming deadline approaching, estimates suggest up to 360,000 unique Internet addresses are still using the rogue servers, with most of them based in the US, according to federal authorities. Other countries with over 20,000 each include Italy, Canada, India, the United Kingdom and Germany. This is down from the over half a million addresses registered when the six hackers were arrested, but still enough to paralyze the functioning of important websites. At its peak several years ago, up to six million systems worldwide were infected with the malware.
The DNS system is a network of servers that translates a web address into a numerical IP address used by computers. Computers affected by the DNSChanger worm were reprogrammed to access rogue DNS servers that redirected them to fraudulent websites.