It was predicted to be the end of the Internet on July 9, 2012 for those computers infected with malware called a DNS Changer. The July termination date was part of a continuing case against a team of criminals that operated out of Estonia between 2007 and 2011. Just to be safe, the FBI recommended that computer users clean house by checking on their DNS status. However, by late afternoon on July 9, 2012 there had not been any reports of computers losing Internet access. The feat was attributed to the efforts of law enforcement, Internet service providers and security companies. Though the danger has passed, companies still need to be vigilant in preventing infection from malware.
On April 19, 2012, the United States Attorney for the Southern District of New York announced the extradition of Anton Ivanov from Estonia to face charges of conspiracy to commit wire fraud and computer intrusion. Ivanov and his gang infected more than four million computers with malware that diverted users’ click requests in order to gain millions in advertising revenues.
The Independent explained the revenue scheme in an April 25, 2012, article titled “FBI warns virus victims face ‘Internet doomsday’.” According to the article, computers from countries all over the world were infected with the malware.
“The virus, called DNS Changer, would redirect the web browsers of victims from sites they wanted to visit to ones controlled by the gang. Revenue from adverts tied to those sites earned the criminals an estimated $14m (9.1m) in commission. The only noticeable effects of the virus were a slight slowing of Internet service, an increase in pop-up adverts and the antivirus software having been disabled,” the article said.
When Ivanov and his gang were apprehended in November 2011, the FBI decided to allow his inventory of DNS servers to continue operating long enough to allow users to disinfect their computers. By January 2012, it was estimated that about 450,000 computers were still infected with the malware. The FBI announced that it would be shutting down the DNS servers on July 9, 2012 in order to give users time to check and if necessary, disinfect their systems.
July 9 — Zero hour
The FBI announced that it would be shutting down the DNS servers on July 9, 2012 in order to give users time to check and if necessary, disinfect their systems. Fahmida Y. Rashid described one of the diagnostic tools in a March 7, 2012 article for PCMag.com titled “Avoid Internet Doomsday: Check for DNSChanger Malware Now.”
Rashid said, “The DNSChanger Eye Chart is one such tool. If the user on an infected computer goes to the site, the image on the page is displayed with a red background. If the machine is clean, the image has a green background. The eye chart will also show a red image if the home router is infected, even if the computer itself is clean.”
At 12:01 a.m. on July 9, 2012 the FBI shut down its DNS servers as planned. The agency projected that a mere 42,000 computers out of the estimated 2.3 billion that are connected to the Internet were still at risk. Were thousands cut off from the Internet? Firm numbers are not available, however both AT&T and Time Warner Cable said that only a “small percentage” of customers had been affected by the virus.
A lesson for businesses
Malware infection typically occurs through emails that contain links or attachments that download the malware when the link is clicked or the attachment is opened. Small businesses that have minimal IT staff and little training of staff are especially vulnerable to attack.
Karen E. Klein explained the danger to businesses in her May 7, 2012 post for Bloomberg Businessweek titled, “Protect Your Company’s Website From Malware.”
Not only computers but websites can be the targets of malware. When a company’s website is infected by malware, it may be flagged and blacklisted by Google and other search engines in order to protect users from becoming infected when they visit the site. When that happens, the site’s online traffic stops and reputation takes a hit. Getting the site back up again could take weeks.
How do websites become infected by malware? Klein explained, “Malware gets on websites using various avenues, including weak passwords that are easily deciphered and visits to already infected sites. Website owners typically have no idea they’ve been infected until the vicious programs wreak havoc, stripping customer banking and personal data or sometimes redirecting visitors to pornography sites that install yet more malicious software.”
Protection from malware is just a matter of installing anti-virus software and keeping it updated. Website owners should also ask their site host companies if security protection is part of their bundle of services or if it can be added.
For more information on protecting your business from malware, check out eWeek magazine on HighBeam Business.