July 06, 2012
Is your computer infected? Photo: Tanya Lake
Despite repeated alerts, thousands of Australians may still lose their internet service come early next week unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.
The warnings about the internet problem have been splashed across Facebook and Google. Some internet service providers have sent notices, and the US Federal Bureau of Investigation (FBI) set up a special website.
According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 6000 still-infected computers are probably in Australia, according to Australian communications regulator the ACMA, down from about 7500 on June 14 and about 10,000 on March 29.
The ACMA, together with other Australian government agencies, has developed a site (dns-ok.gov.au) for users to check if they are infected. People whose computers are still infected come July 9 will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the internet.
The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realised that if they turned off the malicious servers being used to control the computers, all the victims would lose their internet service.
In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean internet servers to take over for the malicious servers so that people would not suddenly lose their internet.
And while it was the first time they'd done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.
The temporary internet system they set up, however, will be shut down at 12:01am EDT Monday, July 9, in the US.
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their anti-virus software, making their machines more vulnerable to other problems.
But popular social networking sites and internet providers have gotten more involved, reaching out to computer users to warn of the problem.
According to Tom Grasso, an FBI supervisory special agent, many internet providers are ready for the problem and have plans to try to help their customers. Some, such as US ISP Comcast, already have reached out, as well as some Australian ISPs.
Comcast sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's internet connection, Comcast sent an email, letter or internet notice to customers whose computers appeared to be affected.
Grasso said other internet providers may come up with technical solutions that they will put in place come July 9 that will either correct the problem or provide information to customers when they call to say their internet isn't working. If the internet providers correct the server problem, the internet will work, but the malware will remain on victims' computers and could pose future problems.
Australia's largest ISP, Telstra, has said that it will be implementing a "temporary" technical workaround so that its customers will not lose internet access come July 9. "... It will give us more time to contact [infected] customers and help them to remove the malware and fix their DNS settings," Telstra's chief information security officer, Glenn Chisholm, said on Telstra's Exchange blog.
Australian ISP Internode told SC Magazine in May that it had been reaching out to customers with the malware, some of whom had their routers infected by it rather than their computers, to attempt to fix the problem.
In addition to individual computer owners, about 50 US Fortune 500 companies are still infected, the FBI's Grasso said.
Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected", along with a link that users can click for more information.
Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.
To check whether a computer is infected, web users can visit a site run by the group brought in by the FBI: dcwg.org.
The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.
AP and Ben Grubb