Internet-pocalypse? World Wide Web-mageddon? Not Really.


Image from beingelle.wordpress.com

If you’ve ever seen the Terminator movies, you’re probably familiar with Skynet, the fictional global computer system that goes haywire and causes all artificial intelligence to turn against humanity. Watching the news about today, which much of the media called the ‘Internet Doomsday’, you’d expect red-eyed robots to be walking the streets as hundreds of thousands of people worldwide were expected to lose their Internet connection.

211,000 computers, 42,000 of them in the U.S., could not access the Internet today due to malicious software that may have been on the machines for over a year. Starting in 2007, a group of six Estonian hackers used something called a DNSChanger, sent to computers via rogue DNS servers, to compromise around 4 million computers worldwide. DNS, or Domain Name System, is an Internet service that allows computers to convert domain names to numerical addresses that connect users to websites. Once computers were infected with the DNSChanger malware, users would type in the domain names of the sites they wanted to navigate to and instead be redirected to Internet advertising websites. The malware caused computers to translate the domain names into numerical addresses of the hackers’ choosing and also prevented computers from installing anti-virus software updates, making them vulnerable to other attacks. The virus affected routers in homes and offices, spreading from the device it originated on to other Wi-Fi-enabled devices in the vicinity. The ring made around $14 million by redirecting individuals to advertising sites, causing losses for legitimate sites. In 2011, the FBI conducted a raid as part of a two-year investigation called Operation Ghost Click to stop the criminals, whose malware had infected not only the computers of individuals but also those of businesses and government agencies like NASA. The United States sought to extradite the individuals and the FBI, as directed by federal court order, replaced the malicious DNS servers with clean servers. However, at 12:01 today, these servers were shut down, leaving those who had not changed their computers’ DNS settings back to normal with no Internet service.

Before the Internet blackout, sites like Google and Facebook, as well as the government, created tools to make users aware of the DNSChanger malware’s presence on their machines. Users could go to the site http://www.dns-ok.us/ to check for the virus, but now that the blackout has begun, it is difficult for those affected to realize that they have the malware and diagnose it. The site http://www.dcwg.org/fix/ lists important steps that must be taken to resolve the issue, but Internet-less users will have to contact service providers for help. The nature of the virus makes it impossible to simply reformat the hard drive and reinstall the operating system (the usual process with malware of this type), since it affects the boot blocks on the hard disk and will simply find its way back into the computer. It’s recommended that those affected back up their files and use one of a number of free tools, like Norton Power Eraser or McAfee Stinger, to find and quell the virus.
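A local version of that check, as an added example that is not part of the original post: it reads the DNS servers a machine is configured to use (resolv.conf format) and flags any that fall inside a list of rogue ranges. The ranges and the sample file below are constructed placeholders from documentation address space, not the real DNSChanger ranges, and the function names are made up for this example.

```python
import ipaddress
import sys

# PLACEHOLDER ranges (RFC 5737 documentation space), constructed for this
# example. They are NOT the real DNSChanger ranges; replace them with the
# rogue ranges from a published advisory before checking a real host.
ROGUE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed sample of a resolv.conf-style file, embedded so this runs offline.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient (constructed sample)
search example.lan
nameserver 198.51.100.17
nameserver 8.8.8.8   ; trailing comment
nameserver not-an-ip
nameserver 198.51.100.200
"""

def parse_nameservers(text):
    """Return the resolver addresses listed on 'nameserver' lines."""
    servers = []
    for line in text.splitlines():
        for marker in ("#", ";"):  # both characters start a comment
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip entries that are not valid IP addresses
    return servers

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return (address, range) for each resolver inside a flagged range."""
    hits = []
    for addr in parse_nameservers(text):
        for net in ranges:
            if addr.version == net.version and addr in net:
                hits.append((str(addr), str(net)))
                break
    return hits

if __name__ == "__main__":
    # With a path argument (e.g. /etc/resolv.conf) check that file, else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESOLV_CONF
    for addr, net in rogue_resolvers(text):
        print(f"resolver {addr} is inside flagged range {net}")
```

Because the malware also changed settings on routers, a machine that gets its DNS from the router will only show the router's address here, so the DNS servers in the router's own configuration need the same comparison.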

While there was a conspiracy that seemed to be straight out of a movie, the DNSChanger scheme was hardly something of Skynet proportions. Admittedly, it’s tempting to throw in some Terminator quotes here. But “Hasta la vista, DNSChanger” doesn’t sound too catchy.

Sources: http://www.cnn.com/2012/07/09/tech/web/internet-doomsday-dns/index.html
http://www.dcwg.org/fix/
http://www.fbi.gov/newyork/press-releases/2011/remarks-as-prepared-by-assistant-director-in-charge-janice-k.-fedarcyk-on-major-cyber-investigation
http://www.fbi.gov/news/stories/2011/november/malware_110911
