Dozens of news outfits are amping up this DNSChanger malware “event” on Monday with stories bearing apocalyptic titles like “Countdown to Internet Doomsday: Will Your Computer Survive?” or “How to Survive Internet Doomsday” or “End of the Internet? ‘Doomsday’ Virus Will Crash Thousands of Computers on July 9.”
My personal favorite: “Five Reasons DNSChanger Victims Deserve to Lose the Internet.” Because nothing says “helping bewildered consumers” like distorting what’s at stake to justify an almost gleefully callous (but eye-catching!) headline.
When I click on any of these, I half expect to find pictures of Bat Boy, his half-human, half-nocturnal mammalian mouth opening as if he were a cartoon opera singer hitting the money note, his hands at his face Macaulay Culkin style, his computer melting like the Wicked Witch into a pool of sludge.
What’s actually going down on Monday is far less theatrical.
No, the Internet isn’t shutting down. Not even close. What is happening is that the FBI will turn off a couple of servers (really, just two) that it originally set up to thwart the spread of an opportunistic and irritating but otherwise innocuous bit of malware.
And when the two servers do go dark, computers still infected with the malware — currently dependent on those FBI servers to access the Internet — will lose their ability to translate Web addresses into IP addresses. For these people — a number some are calling as high as half a million but that experts place at less than 250,000 worldwide (and well below 70,000 in the U.S.) — that means any network requests made using Web addresses won’t work.
I explained this in detail back in April, so here’s the Cliff’s Notes version:
In 2007, cyberthieves created malware, dubbed DNSChanger, that manipulated the way Internet ads appeared in infected computer browsers, allowing the cybercrooks to rack up millions in illicit fees.
The malware depended on a basic Internet principle called DNS (Domain Name System), which is how Internet routers know where to send your Internet requests — that is, how to translate a URL like http://www.time.com into a numeric IP address when you type it into your browser’s address bar.
Computers infected by DNSChanger had their local DNS information changed and were redirected to fraudulent servers that delivered Web-based ads that eventually channeled millions of dollars to the malware authors.
But the bad guys were caught last November and their servers seized. Given the number of infected computers, the FBI elected to leave the servers running sans ads, instead launching an awareness campaign to get users to disinfect before a shutdown date: July 9, 2012.
When the servers go dark, DNS-related Internet activity on any remaining infected computers will no longer work. How many people are we talking?
In a refreshingly sober piece, “Malware Monday: Much Ado About Nothing,” Eric Chabrow chats up DNS Changer Working Group (DCWG) spokesman Barry Greene (whose job it is to warn people about the malware, mind you):
Think about it: Various estimates place the number of PCs worldwide at between 1 billion and 2 billion. That means the 250,000 or so still-infected computers represent fewer than 2-100ths of a percent (0.02 percent) of all PCs in the world. That’s about the number of PCs a botnet hunter commandeers in a single day, Greene says, adding: “It’s no big deal.”
Here’s the deal. If you haven’t already, click this simple infection checker, run by DCWG, to determine if your computer has the malware (you’ll get an instant thumbs up or down). If not — celebrate good times! — you’re free and clear.
And if you are infected? No need to go all Dr. Peter Venkman like the rest of techdom; just be sure to visit DCWG’s “fix” page today (or by this weekend) and follow a few simple, undramatic steps to cleanse your computer.