The FBI plans to shut down Internet Service Providers (ISPs) that are possible malware sources or contain trojans. Millions of computer users across the globe could be blocked off from the Internet as early as March 8.
New York / NationalTurk – In November 2011, the FBI and authorities in Estonia cooperated to shut down a network that an Estonian gang of criminal hackers had launched to infect servers with the notorious DNSChanger Trojan, a virus that redirects computers from legitimate online destinations to phony websites that launch online ads that generated revenue for the hackers. Six men believed responsible for creating the malicious computer script called the DNSChanger Trojan had been apprehended.
FBI shuts down malicious content containing websites
In 2011, once set loose on the Web, the trojan worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in the US alone. The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix then was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
The FBI temporarily fixed the issue by replacing the criminals’ servers with legitimate ones that would push along traffic to its intended destination.
DNSChanger Trojan: How does the worm work?
When functioning as its creators intended, the DNSChanger Trojan infected computers and redirected users hoping to surf to certain websites to malicious ones. Traditionally, DNS, or Domain Name System, servers translate alphabetical, traditional website URLs to their actual, numeric counterpart in order to guide users across the World Wide Web. Once infected by the DNSChanger Trojan, however, websites entered into Internet browsers were hijacked to malicious servers and, in turn, directed the user to an unintended, fraudulent site.
In coordination with the arrests in Estonia, the FBI shut down the malicious DNSChanger botnet network and, additionally, replaced its servers with surrogate servers to correct the issue. Those servers, however, were installed “just long enough for companies and home users to remove DNSChanger malware from their machines,” according to the court order that established them. That deadline is March 8, and those surrogate servers are expected to be retired then. At that point, computers still infected with the Trojan will be essentially unable to navigate the Internet.
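DNSChanger did its redirection by pointing an infected machine's DNS resolver settings at the operators' servers, so affected hosts can be found by comparing configured resolvers against the published rogue ranges. The following Python is an added example, not part of the original article; the function names are hypothetical, and the address ranges and sample file are constructed from documentation address space because the article lists no real ranges.

```python
import ipaddress

# Placeholder ranges from documentation address space (constructed, NOT real
# indicators). Substitute the rogue resolver ranges published by investigators.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:dead::/48")
]

# Constructed resolv.conf-style sample input.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 203.0.113.10   # resolver outside the listed ranges
; alternate comment style
nameserver 2001:db8:dead::1
nameserver not-an-ip
search example.com
"""


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop any IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: skip rather than abort the audit
    return servers


def audit_resolvers(resolv_conf_text, rogue_ranges=ROGUE_DNS_RANGES):
    """Return (resolver, matching_range_or_None) for each configured resolver."""
    findings = []
    for addr in parse_nameservers(resolv_conf_text):
        hit = next((net for net in rogue_ranges
                    if addr.version == net.version and addr in net), None)
        findings.append((str(addr), str(hit) if hit else None))
    return findings


if __name__ == "__main__":
    for resolver, matched in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(resolver, "ROGUE RANGE " + matched if matched else "ok")
```

A host whose resolver falls in a listed range is the kind that loses name resolution once the surrogate servers are retired, so it needs both malware cleanup and its DNS settings reset.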
Internet Shutdown by FBI: Who, exactly, will be affected?
Security company IID (Internet Identity) believes that half of all Fortune 500 companies and more than two dozen major government entities in the US are still currently infected with the worm as of early 2012. Unless they take the proper steps to eradicate the Trojan from their systems, millions of users worldwide will be left hog-tied, helplessly attempting to navigate to nonexistent servers and, in effect, without the Web.
‘At this rate, a lot of users are going to see their Internet connection disrupted or even break on March 8,’ Rod Rasmussen, president and chief technology officer at Internet Identity, stressed.
Currently, both the computer industry and law enforcement are working together through a coalition they’ve established called the DNSChanger Working Group. The group’s mission can be described as examining the options in phasing out the surrogate servers set up by the FBI workers, but unless an alternative plan is agreed on, a great part of the Web will go dark next month.
Rasmussen adds, ‘I’m guessing a lot more people would care at that point.’ While infected internet users are cautioned to correct the issue now, millions internationally are still believed to be infected. ‘It certainly would be an interesting social experiment if these systems just got cut off,’ the officer remarks.