Why your Internet could disappear in July

The technical press has been trying to alert the public to an unfortunate outcome of the breaking up of a ring of computer bad guys.

Let's go back to last fall. In November, the FBI arrested six Estonian hackers and accused them of making millions from an online advertising scam that involved fake, or rogue, DNS servers. A "domain name service" computer contains software that connects the website name that you enter into your browser as a URL with the number that pinpoints the exact location of the server you are trying to connect to. You could call it the post office for the Web.

What the bad guys did was use malware to point the browser of an infected computer to their own servers instead of the desired destination. Those "fake" destinations generated clicks on ads. Legitimate advertisers paid the bad guys as much as $14 million for all those wayward clicks.

So, after the bust, the logical thing for the FBI to do was to shut down the rogue servers.

But, wait. If they did that, the FBI reasoned, more than half a million infected machines would "point" to a DNS server that was not there. In effect, those machines would be "disconnected" from the Internet.

And the FBI knew that those half-million infected machines in the U.S. included federal agencies, such as NASA.

The FBI opted to leave the servers running, ad-neutralized, to avoid disrupting Internet functionality. To give users time to deal with the disruption, the FBI secured a court order on March 12 that authorized the Internet Systems Consortium -- a nonprofit that supports the Internet's infrastructure -- to roll out and maintain temporary, "clean" DNS servers.

But the FBI doesn't want to be in the DNS server business, so on July 9, the "clean" servers will be shut down. At that point, anyone still infected with the DNS malware will seem to have lost Internet service.

Computers running Linux, iOS on iPhones and iPads or Android are not affected. That pretty much leaves PCs and Macs.

The DNS Changer Working Group, which has been maintaining the servers since their seizure, has created a website, dcwg.org, that allows you to check to see if your computer is infected. By clicking a link, you will either see a message with green (you are not infected) or red (you are).

The site also has a list of free tools to remove the malware.

Some security experts say the only way to really clean your computer is to format the hard drive and reinstall everything. While that certainly will work, it is a complicated and time-consuming process.

Barry Greene, the former director of Internet Systems Consortium, says the removal tools at dcwg.org should do the job.

So check your machine for infection and clean it up if you find any. Otherwise you might wake up July 10 and wonder where your Internet went.

Print this article Back to Top