With a few mouse clicks, the DNS Changer Working Group can tell you if you have malware.

Glen Stubbe, Star Tribune

Malware may knock thousands off Internet; are you vulnerable?

  • Article by: LOLITA C. BALDOR
  • Associated Press
  • July 5, 2012 - 10:31 PM

WASHINGTON - Despite repeated alerts, tens of thousands of Americans may still lose their Internet service late Sunday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

The warnings about the problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States. In addition to individually owned computers, about 50 Fortune 500 companies are still infected, officials said.

The Canadian Internet Registration Authority said about 25,000 of the computers initially affected by the malware were in Canada, but now only about 7,000 machines remain infected there, said Canadian Internet Registration Authority spokesman Mark Buell.

People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online ad scam to take control of more than 570,000 computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean servers to take over for the malicious servers so that people would not suddenly lose their Internet. And while it was the first time they'd done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.

The temporary Internet system, however, will be shut down at 11:01 CDT Sunday (or 12:01 a.m. EDT Monday.)

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Tom Grasso, an FBI supervisory special agent, said many Internet providers have plans to try to help their customers. Some, such as Comcast, already have reached out. The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an e-mail, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other service providers may come up with technical solutions that they will put in place that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

© 2018 Star Tribune