July 9: Doomsday for Your PC or Mac If It Has This Malware

There’s a trojan out there that tricks computers — both PCs and Macs — into redirecting all their Internet traffic through malicious servers. Even though the trojan’s creators have been stopped and arrested, millions of PCs could still be infected. For those machines, the Internet will cease to exist on July 9.
The reasons are technical, and they go back to 2007. That was the year the trojan first surfaced, according to PC World. The malware, which can infect both Windows and Mac computers, essentially creates a botnet by changing how the machine accessed DNS.
DNS (Domain Name Service) is how the web organizes its addresses. It’s the system that lets you simply type in “mashable.com” instead of some kind of long and incomprehensible IP address filled with letters, decimals and numbers. Your computer talks to a DNS server operated by your Internet Service Provider (ISP) to find all the websites that you visit every day.
The trojan, called DNS Changer, redirects your computer’s DNS queries from your ISP’s server to one created by the trojan’s creators — essentially hijacking all Internet traffic from your machine. That way, the bad guys can send you to hacker-created websites filled with ads whenever they want.
The good news: The FBI shut down the operation, called Rove Digital, last November when they arrested six Estonian nationals behind the botnet and shut down their malicious servers. To ensure infected computers wouldn’t be cut off from the Internet entirely, the FBI set up its own DNS servers.
The bad news: Those friendly servers will soon be shut down. They were originally going to run only four months, but a judge ordered an extension of their operation until July 9 since it’s estimated that hundreds of thousands of computers are still infected.
If a machine is still has the trojan and tries to access the web on July 9, it won’t be able to access anything. With Internet access cut off, it would be very inconvenient to download and install anti-virus software.
If you suspect you’re infected, go to the DNS Changer Check-Up website, which should let you know if your computer’s DNS is working properly. Should your machine test positive, an organization called the DNS Changer Working Group has a list of anti-virus tools for cleaning it up. The FBI has an even more comprehensive to-do list.
Even with the extra time and cleanup tools, however, it’s likely a few machines will slip through and not get the update by July 9. What do you think should happen to reach those computers in time? Sound off in the comments.

No comments: