Malware May Kill Your PC July 9
It sounds like one of those annoying chain emails that show up from technically challenged acquaintances: "The FBI Will Take Your Computer Offline July 9 If It Has A Virus! Visit This Site Immediately To Check!! Forward This To Everyone You Know!!!"
But the Federal Bureau of Investigation really has posted a warning on its site about the risk of "DNSChanger" malware, which really will result in your computer getting disconnected from the Web on July 9 if you don't clean it up. You won't be able to go online, and you'll need to contact your service service provider for help getting the malware deleted before you can reconnect to the Internet.
The Infection Check
To see you're infected, you just need to be able to read one line of text or know the difference between green and red. Visit www.dns-ok.us; if you see a green background to the image on that page and the words "DNS Resolution = GREEN," you're safe. (Your Internet provider may also offer a similar service. Comcast subscribers, for example, can check their computers at amibotted.comcast.net.)
If you see otherwise, you have a few more days to fix the problem. Since DNSChanger can disable security programs, you may not be able to do this the easy way, by clicking a "scan" button in your anti-virus app. You can try specialized DNSChanger-removal tools from such firms as SecureMac, or run general-purpose anti-rootkit software like MalwareBytes' Anti-Malware or Kaspersky Labs' TDSSKiller.
The DNS Changer Working Group, created by Internet-security experts to help clean up the problem, has also set up a page with links to manual malware-cleanup instructions from Microsoft and others. In a worst-case scenario, you may need to reinstall your computer's operating system and software from scratch, using either the disks that came with the computer or the recovery partition on its hard drive.
But that still beats having a computer that can only navigate the Internet by numbers.
So if you have friends or family members online who might not know to check for this problem, please forward this post to them. But hold the exclamation points.
The story began last November when the bureau announced it had busted a 4-year-old Estonia-based conspiracy. The suspects had infected about 4 million computers — some 500,000 in the United States — with malware called DNSChanger (also referred to as Alureon) that diverted victims to scam sites.
This "rootkit" malware was usually delivered as a fake download for Windows or Mac OS X that then silently altered the Domain Name System settings on computers and even some wireless routers. That's about the most serious compromise an Internet-connected machine can suffer; when DNS stops correctly translating domain names like discovery.com to machine-readable Internet Protocol addresses like 18.104.22.168, you no longer know what sites you're dealing with.
But once an infected machine has been cuffed to DNSChanger's rogue servers, shutting it off would effectively unplug it from the Internet. To give unaware victims time to clean up their systems, the FBI secured a court order requiring the Internet Systems Consortium, a nonprofit Net-architecture firm, to take over and sanitize those servers.
But all bad things must end; after one stay of execution, ISC is now set to turn off the DNSChanger servers on July 9. At that point, any infected machine will only be able to connect to numerical IP addresses, essentially, a rotary-dial version of the Internet.