DNSChanger malware -- hype or serious threat?

You and your clients have probably heard or read news stories in the past few weeks predicting the end of the Internet on July 9 of this year. Should you be concerned?

The answer, of course, is yes and no. The threat is real, although it only affects a small percentage of computer users. But the computers in that infected population will in fact lose their ability to connect to the Internet, starting on July 9 and continuing until they are cleared of the DNSChanger malware.

For a more detailed description of the problem, its history, and solutions, there is no shortage of articles on the subject. A Google search for DNSChanger produces over one million results. Some of those are very well done -- complete, accurate, and readable -- and others are not.

The best one I have found is on the TechRepublic IT Security blog, written by Alfonso Barreiro. Here is a link to that blog post: http://www.techrepublic.com/blog/security/preparing-for-the-dnschanger-i....

Here are some of the salient points from that article. This malware at one time infected more than 4 million computers worldwide, turning those computers into members of a huge botnet that was used for various illegal activities.

In November 2011, the FBI, working with security firm Trend Micro and authorities in Estonia, announced the shutdown of this botnet. They raided datacenters in New York and Chicago and removed nearly 100 servers.

Rather than disrupt Internet service to millions of innocent users, the FBI instead set up an alternate network of DNS servers to handle the traffic that had been hijacked. This was intended as an interim solution, originally set to be shut down in March 2012.

That target date has since been extended to July 9, 2012, which is likely to be the final cutoff date. As of March 2012, infected computers were still present in 94 of the Fortune 500 companies and three out of 55 major government entities.

You will be performing a valuable service for your clients if you check each of their computers between now and July 9 to be sure they are not infected. If you do find any infected machines, they are relatively easy to clean up.

If you already know everything you want to know on this subject and just want to go directly to the site that will check a computer to determine whether it is infected by this malware, the URL for computers in the United States is http://www.dns-ok.us/.

As the shutdown date nears, you can expect to see the usual hysteria and fear-mongering from the news media. Best you should beat them to the punch and take a proactive stance with your clients and users.