Today more than 300,000 users’ worldwide face the possibility of losing their internet access as the FBI shuts off servers used by cyber thieves.
During raids in November 2011 the FBI seized servers which criminal gangs had used to infect more than 4 million machines. The gangs racked in more than £9 million by redirecting victims machines. They managed to do this because their servers were taking over a key web function known as domain name look-up. These domain names are converted into numerical values that computers use by consulting the domain name servers (DNS). When a user types in a web address their computer will consult a DNS server to find out where that website resides online. The infected computers with malware called DNS Changer altered where a PC went to convert domain names to numbers. Victims’ web searches were routed through the servers so they saw adverts that led to the gang being paid.
It is thought that around 7 – 8% of the machines infected still harbour the malicious code unbeknown to the user.
Since the FBI raid the servers have been run by Californian company ISC, who are due to shut them down today 9 July. Over the last few months the FBI has worked with many ISP’s and security firms worldwide to alert victims to the fact that their PC was infected with DNS Changer and clean them up so they are malware free.
The PCs that are still victims of DNS Changer will suddenly have nowhere to go when they need to look up the location of a domain. Initially some domains will be cached, stored, which will mean that access appears to be there. Users may be confused as some sites will work and others will not.
To find out more, please call us on 0845 504 8989, or complete our contact form.