Internet could go dark for millions if court order expires

Published: Tuesday, Feb. 21 2012 11:01 a.m. MST

VERNAL — Computers of all makes and models sit on shelves in the back room at Techris Design, waiting to have the harmful content that's built up on their hard drives removed.

That's the bulk of the small repair shop's business.

"Ninety percent of the work that we do is virus removal and repair," owner Ted Munford said. 

Munford and others in his line of work could be extremely busy in the next few weeks, thanks to a piece of malware that federal prosecutors allege was created by a group of Estonian cyber criminals.

In November, the FBI and police in Estonia wrapped up Operation Ghost Click, which resulted in the arrest and indictment of six Estonian nationals. The group had compromised millions of computers around the world with a bug known as DNSChanger.

The malicious software — known in the industry as "malware" — changed the Domain Name Server, or DNS, for a targeted website, redirecting Internet users from the sites they were seeking to other sites. Federal authorities say the Estonians sent Web surfers to these ghost sites, which featured specific advertisements, then collected an estimated $16 million from the advertisers for the extra Web traffic.

DNSChanger also shut down antivirus software on infected machines, exposing them to the potential for additional harm.

The FBI took the group's rogue servers offline. The bureau then obtained a court order to set up "clean servers" as a means of keeping individual users, companies and government agencies with infected computers from immediately losing access to the Internet.

But the court order is set to expire March 8, and there are still a large number of infected computers, many in the United States alone.

Internet Identity, a computer security firm based in Tacoma, Wash., released the results of a DNSChanger survey earlier this month. It showed that more than half of Fortune 500 companies in the U.S. have at least one infected computer or Internet router in their systems, as do 27 of 55 major U.S. government agencies.

Internet Identity CEO Lars Harvey declined to identify which companies or agencies are affected when contacted Monday by the Deseret News. Nondisclosure was one of the terms the firm had to agree to in order to obtain information for its survey, he said.

The FBI, however, identified NASA as one of the government agencies that had infected computers.

But the greatest threat isn't to government or big business, Harvey said.

"Most of the (infected) computers belong to home users or small businesses," he said, adding that the alleged cyber criminals "weren't targeting agencies or large enterprises, but they got caught up in it."

Efforts are under way to extend the court order that allowed the "clean servers" to be established, Harvey said.

"But that's up to the judge," he said.

Munford said people need to be more aware when it comes to maintaining their computers.

"A computer is a lot like a car," he said. "It's a good idea to have maintenance run on it regularly. Once every six months would probably be plenty."

Avoiding file sharing sites like Limewire.com will prevent a lot of computer problems, as will staying away from pornography on the Internet, he said.

"The easiest way I know to catch a virus is to go surf porn," Munford said. "Any pornographic material frequently has viruses and malware attached to it."

Anyone who is concerned that their computer has been infected by DNSChanger can visit a page set up on the FBI's website. Individuals or companies can also report an infected computer on the bureau's site.

E-mail: gliesik@desnews.com Twitter: GeoffLiesik