DNS Changer virus threat passes; no significant outages

By ABC News
July 9, 2012, 5:44 PM

The threat posed by DNS Changer, the headline-grabbing Internet doomsday virus, has fizzled. But tech security analysts warn that there are even more sinister viruses around.

No significant outages were reported on Monday as the FBI removed a safety net erected last November to protect some 577,000 Windows PCs.

Without the FBI's safety net, those PCs would have been cut off from accessing the Web, as authorities moved to dismantle the rogue servers that criminals were using to control DNS Changer-infected machines.

A minute after midnight on Monday, some 277,000 PCs, including 64,000 in the U.S., remained infected and at risk as the FBI took down its safety net. That's a tiny fraction of the billions of Internet-connected computers and mobile devices.

Also, Internet service providers have been hustling to alert victims and help them stay connected, says Dan Brown, senior researcher at tech security firm Bit9. "Most of the major ISPs have been cooperating with the FBI," says Brown. "They … have a vested interest in keeping their customers from being disconnected."

In the teeming cyberunderground, DNS Changer isn't as potent as it was a year ago, when it first surfaced. That's partly because most major anti-virus products have been tuned to watch for it and clean it up, says Johannes Ullrich, chief research officer at the SANS Security Institute.

Meanwhile, Google, Facebook and Comcast have been issuing alerts directing potential victims to an FBI-approved website: www.dcwg.org. It has links to services that will run a quick PC check, as well as guidelines to remove the infection.

Even after removing the infection, victims may still have to manually repair their "DNS settings." Those settings direct Windows PCs to the servers that convert a Web page's textual name to its numerical IP address. The DNS Changer virus corrupted those settings.

"The DNS settings check isn't that difficult," says security blogger Dennis Fisher, editor-in-chief of Threatpost.com. "Anyone who can navigate through the control panel should be able to do it. It's just a matter of clicking through a few dialogue boxes."

Federal authorities hope that the aftermath of DNS Changer gives public awareness a boost. The main lesson: Internet threats keep multiplying, and users must carry part of the burden for staying safe.

"DNS Changer is last year's malware," Ullrich says. "Only about 0.01% of Internet users are affected by it. About 100 times more users are infected by more dangerous, current malware without knowing that they are infected."