X

DNSChanger apocalypse: Like Y2K, but even snoozier

Public awareness campaigns help drop the number of infected computers to the thousands, and ISPs save the day for the rest.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
3 min read
Watch this: DNSChanger dead, now what?
Top 20 countries and estimates of computers infected with DNSChanger this weekend.
Top 20 countries and estimates of computers infected with DNSChanger this weekend. F-Secure

Despite the dire warnings about the Internet going dead for thousands of people today, I am happy to report that it's all business as usual. You may proceed to the cute cat videos.

After months of warnings, the FBI pulled the plug on servers that were set up to block a Trojan that was hijacking computers by changing their DNS settings to go to rogue servers and serving up ads. The government set up legitimate DNS servers so infected computers wouldn't lose their online access, but turned off that network today, potentially stranding thousands of computers from the Internet.

"We haven't seen a single report" of someone losing Internet access, said Johannes Ullrich, chief research officer at the SANS Institute. "It's all hype. There's really nothing happening."

If you happened to have been in cave for the past year you may have missed the notices on major news outlets, in e-mails from ISPs about DNSChanger and even from Google. There was plenty of information circulating about how to check your system and clean it up to avoid having any problems when the plug was eventually pulled. The government even got an extension and moved the deadline from March 9 until July 9.

The public awareness campaign seems to have worked. On July 4, there were an estimated 45,600 infected computers in the U.S. and 252,000 worldwide. Those numbers dropped to about 41,800 and 211,000 by last night, according to FBI spokeswoman Jenny Shearer. This was down from "millions" that have been infected all told since the malware was first discovered in 2007.

Related stories

And for those few who really were left in the dark, ISPs are there to save the day.

There has been "very little impact. For the very small number of customers whose computers may have the virus, we are redirecting their traffic to servers we have set up that will enable them to continue use their computers," AT&T spokesman Mark Siegel told CNET in an e-mail. "This will be in place through the end of the year so these people will have even more time to remove the virus from their computers, which is an easy process. We have been communicating with these customers for months to let them know how to remove the virus."

"The FBI is out -- and ISPs are in," reports the F-Secure blog. "All in all, things are working out as they probably should in a case such as this. The infection count continues to decrease without a major crisis in support calls. (We've only received a couple from our own customers.)"

FBI officials are pleased with the way things have gone too. "The FBI has not had to do something like this before, work with public and private partners to set up a safety net," said the FBI's Shearer. "It shows that there is the ability to come up with solutions to cyber crime that may not have been necessary in the past. As the cyber criminals are able to adapt. so too can law enforcement agencies."