Virus hampering Internet use for millions

VERNAL — Computers of all makes and models sit on shelves in the back room at Techris Design, waiting to have the harmful content that's built up on their hard drives removed.

That's the bulk of the small repair shop's business.

"Ninety percent of the work that we do is virus removal and repair," owner Ted Munford said.

Munford and others in his line of work could be extremely busy in the next few weeks, thanks to a piece of malware that federal prosecutors allege was created by a group of Estonian cyber criminals.

In November, the FBI and police in Estonia wrapped up Operation Ghost Click, which resulted in the arrest and indictment of six Estonian nationals. The group had compromised millions of computers around the world with a bug known as DNSChanger.

The malicious software — known in the industry as malware — changed the Domain Name Server, or DNS, for a targeted website, redirecting Internet users from the sites they were seeking to other sites. Federal authorities say the Estonians sent Web surfers to these ghost sites, which featured specific advertisements, then collected an estimated $16 million from the advertisers for the extra Web traffic.

DNSChanger also shut down antivirus software on infected machines, exposing them to the potential for additional harm.

The FBI took the group's servers offline. The bureau then obtained a court order to set up "clean servers" as a means of keeping individual users, companies and government agencies with infected computers from immediately losing access to the Internet.

But the court order is set to expire March 8, and there is still a large number of infected computers, many in the United States.

Internet Identity, a computer security firm based in Tacoma, Wash., released the results of a DNSChanger survey earlier this month. It showed that more than half of Fortune 500 companies in the U.S. have at least one infected computer or Internet router in their systems, as do 27 of 55 major U.S. government agencies.

Internet Identity CEO Lars Harvey declined to identify which companies or agencies are affected when contacted Monday by the Deseret News. Nondisclosure was one of the terms the firm had to agree to in order to obtain information for its survey, he said.

The FBI, however, identified NASA as one of the government agencies that had infected computers.

But the greatest threat isn't to government or big business, Harvey said.