The FBI is shutting down temporary servers servicing DNSChanger virus victims CBC News Posted: Jul 4, 2012 5:20 AM ET
The FBI established temporary 'clean' DNS servers in place of bad ones so that computers infected with DNSChanger wouldn't suddenly be cut off from the internet. (Pascal Lauener/Reuters)
On July 9, thousands of Canadians and hundreds of thousands of people worldwide could be without access to the internet after the FBI shuts down temporary DNS servers used to assist victims of a massive internet fraud ring.
All computers that still use these servers will meet a virtual brick wall on July 9 and be unable to connect to the internet until their computers are cleared of the associated 'DNSChanger' virus.
The shutdown of the temporary DNS servers by U.S. authorities is the last stage in Operation Ghost Click, a two-year international investigation that officially ended in November 2011.
The FBI, in association with international law enforcement, managed to track and apprehend six Estonians using an ostensibly legitimate front company who had organized a sophisticated system of false DNS servers.
These servers rerouted the web browsers of infected computers to sites of the hackers' own choosing, some of which were fraudulent in nature.
Computers were forced to connect to the internet through these servers by a customized virus called DNSChanger that was distributed along conventional channels, such as infected emails, bad websites, and malware scripts.
When it broke up the hacking group in 2011, the FBI established temporary 'clean' servers in place of the bad ones so that computers infected with DNSChanger wouldn't suddenly be cut off from the internet.
However, the contract to maintain these servers will end July 9, resulting in their shutdown.
"An extension has not been requested," says Jenny Shearer, a spokesperson for the FBI's National Press Office.The FBI and international law enforcement caught the people behind Rove Digital in 2011. (REUTERS/Chris Morgan/Idaho National Laboratory)
According to Paul Vixie, chairman and founder of the Internet Systems Consortium (ISC) that has been operating the temporary servers for the FBI, the fraud had snared nearly 650,000 machines worldwide, about 25,000 of which were in Canada. He says the scheme is also estimated to have netted nearly $20 million over four years for those behind the virus.
Since November 2011, the number of computers still infected with DNSChanger has dropped substantially to 275,000 worldwide. In Canada, only about 7,000 machines are estimated to remain infected, as a result of efforts by the FBI and computer security companies to get users to follow instructions on how to check for and remove the virus.
However, for the thousands of users whose computers are still infected with DNSChanger, their machines will continue to redirect towards the DNS address supplied by the virus. They won't be able to get online unless they clear the virus from their computer.Canadians affected by DNSChanger (CBC News)What is DNS?
To properly understand how the ring's servers were able to operate for so long, it serves to understand the basics behind the technology. DNS is short for Domain Name System, a tool that converts numeric Internet Protocol (IP) addresses used to route traffic on the internet into text-based domain names that are easier for people to remember and type into a browser â i.e. the IP address 126.96.36.199 into www.CBC.ca.
The DNS is a vital support for how people interact with the internet, and many services like email or internet browsing would be severely crippled without it.
DNS servers hold IP addresses and their corresponding text-based domain names and form a hierarchy, with each DNS server connecting to both clients as well as higher-level DNS servers. Each server progressively holds a greater share of internet addresses, eventually reaching up to the primary 13 root servers that have access to every domain in the world.