In November, the FBI charged six Estonian nationals and one Russian national for engaging in a massive and sophisticated Internet fraud scheme that infected more than four million computers located in over 100 countries with malware, according to an FBI press release.
Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA; educational institutions; non-profit organizations; commercial businesses; and predominantly individuals.
According to the Seattle Times, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected, replacing the rogue servers with clean ones. But that system is costing the government $87,000, and is to be shut down this summer.
The FBI is encouraging users to visit a website run by its security partner, DCWG (http://www.dcwg.org/), to determine whether they're infected and explain how to fix the problem, the Times reports. After July 9, infected users won't be able to connect to the Internet.
The DCWG is an ad hoc group of subject matter experts, including members from organizations such as Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama at Birmingham. The group was created specifically to deal with this DNS Changer malware, and with a few mouse clicks, users can determine if their machine is infected and find out how to fix it.
The malware secretly altered the settings on infected computers, enabling the defendants to digitally hijack Internet searches and re-route computers to certain websites and advertisements, which entitled the defendants to be paid. The defendants subsequently received fees each time these websites or ads were clicked on or viewed by users. The malware also prevented the installation of anti-virus software and operating system updates on infected computers, leaving those computers and their users unable to detect or stop the defendants’ malware, and exposing them to attacks by other viruses.
Here are some examples of what the malware did from the FBI's release:
- When the user of an infected computer clicked on the domain name link for the official website of Apple-iTunes, the user was instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software.
- When the user of an infected computer clicked on a domain name link for Netflix, the user was instead taken to a website for an unrelated business called “BudgetMatch.”
- When the user of an infected computer clicked on the domain name link for the official government website of the Internal Revenue Service, the user was instead taken to the website for H&R Block, a major tax preparation business.
According to the Times article, most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.