Will the Internet Shutdown on Monday?

No Internet?
No Internet? | Source

Background

When you browse the web, you type the name of the web server for the site you wish to visit--like www.hubpages.com. The web server name is in the form that people can easily remember.

However, behind the scenes, your computer has to convert the name into an Internet address which is in some numeric form before it actually makes the connection. For example, 66.211.109.13 is the Internet address of hubpages.com.

The system within the Internet that does the mapping of names to Internet addresses is called DNS (Domain Name System). The computers that do the name to Internet address translation are called DNS servers. These servers have Internet addresses which is used by your computer to direct name to Internet address translation requests.

Your computer generally gets the addresses for these DNS servers from your Internet Service Provider (ISP) via your Internet router. It's typically all automatic.

In 2007, some Estonian hackers took advantage of this process and built a malware that would change the DNS settings of people's computer to point to the hacker's DNS servers.

So if your computer got infected by this malware, any name to Internet address request by your computer would go to the hackers DNS servers, which would then direct your computer to Internet ads. The ads grossed the hackers around $14M.

It wasn't until November 2011 when these criminals were caught. However, there are still some estimated 250,000 computers infected by this malware (known as the DNS Changer). With so many computers still infected, the courts ordered the FBI to leave the hacker's DNS servers running, but instead of directing people's computers to ads, they redirected the name to IP address requests to the correct DNS servers, which gave the appearance (to users of infected computers) that things are working just fine.

On Monday, 09 Jul 2012, the FBI will turn off these hacker servers. Come Monday, if your computer is infected by the DNS Changer malware, it will appear that the Internet is down.

Are You Infected?

Before Monday comes around, you should do a quick check using some resources provided by DNS Changer Working Group. For example, if you browse to this link (or http://www.dns-ok.us/), and you see the image below with the green background, it means your computer is likely not infected; but if you see a red background, you may be infected.

Not Likely to be Infected
Not Likely to be Infected | Source

If you really want to be sure if you are or not infected, and you are a computer geek, the easiest thing to do is open up a CMD window (in Windows), and type the command "ipconfig /all" and look for the DNS servers settings. Mine happens to be set to these Internet addresses: 208.67.222.222 and 208.67.220.220.

This is how the output of the command IPCONFIG /ALL looks like:

Output of IPCONFIG /ALL
Output of IPCONFIG /ALL | Source

Check your DNS server settings and see if it falls within the ranges of known rouge DNS server Internet addresses:

  • 85.255.112.0 through 85.255.127.255
  • 67.210.0.0 through 67.210.15.255
  • 93.188.160.0 through 93.188.167.255
  • 77.67.83.0 through 77.67.83.255
  • 213.109.64.0 through 213.109.79.255
  • 64.28.176.0 through 64.28.191.255

Start by comparing the first number before the first dot. If the first number matches, then check the second number, then the third. In most cases, you should be able to quickly tell by just comparing the numbers before the first dot.

Good luck!

Infected? What Now?

If you've determined that you are infected and you don't have an antivirus program that can detect and remove it, then use one of the following tools referenced by the DNS Changer Working Group below:

  1. Hitman Pro (32bit and 64bit versions) http://www.surfright.nl/en/products/
  2. Kaspersky Labs TDSSKiller http://support.kaspersky.com/faq/?qid=208283363
  3. McAfee Stinger http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
  4. Microsoft Windows Defender Offline http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
  5. Microsoft Safety Scanner http://www.microsoft.com/security/scanner/en-us/default.aspx
  6. Norton Power Eraser http://security.symantec.com/nbrt/npe.aspx
  7. Trend Micro Housecall http://housecall.trendmicro.com
  8. MacScan http://macscan.securemac.com/
  9. Avira http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199 Avira’s DNS Repair-Tool

Worst Case Scenario

What's the worst thing that can happen when Monday comes and all of a sudden your computer can't reach the Internet?

Don't worry, your computer is still functional for things that don't need the Internet.

And if you can't live without the Internet, there's always the Geek Squad or your computer geek friend.

You might want to start with your geek friend because the Geek Squad will charge you in the order of $200 to fix your problem.

Final Note

The news media has put so much hype around this event. For most of you, this will be a non-event.

But just to be on the safe side, check if you computer is infected. If it is, run your current anti-virus program to detect and remove the malware, or you can use a free tool listed by the DNS Changer Working Group.

Hurry, do this before Monday, 09 Jul 2012.


References

More by this Author


Comments 5 comments

Conservative Lady profile image

Conservative Lady 4 years ago from Surprise Arizona - formerly resided in Washington State

Very reassuring Hub - I did check and my computer seems to be fine. But I will keep my Geek friend on speed dial just in case. Good tips, voted up and useful.


Arren123 profile image

Arren123 4 years ago from UK

Very interesting and I didn't know about it. Did the check and all green here :), voted up and useful :)


forlanda profile image

forlanda 4 years ago from US of A Author

Conservative Lady and Arren123, I'm glad this was useful. I think some people will be impacted by the malware DNS Changer, but not as much as most of the news hype would make you believe. Let's see what happens on Monday.


anonymous 4 years ago

yea well my router sets my DNS and I always know what it is. Anyone infected by this deserves to be cut off that would force them to run a virus scan. the gov did a disservice to all of us by allowing them to stray online for over a year and the infected computers to spread even more viruses they may have. If they had one they likel had many more because of the ignorant owners.


forlanda profile image

forlanda 4 years ago from US of A Author

You may be right on that. By doing redirects, users of infected computers were temporarily shielded from the problem while the infection probably continued to latch on to other computers. If they had just shut down the service last year, the problem would have been quickly discovered by the computer users, and they would have had their computers fixed somehow.

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working