Will the Internet Shut Down on Monday?
Background
When you browse the web, you type the name of the web server for the site you wish to visit--like www.hubpages.com. The web server name is in the form that people can easily remember.
However, behind the scenes, your computer has to convert the name into an Internet address which is in some numeric form before it actually makes the connection. For example, 66.211.109.13 is the Internet address of hubpages.com.
The system within the Internet that does the mapping of names to Internet addresses is called DNS (Domain Name System). The computers that do the name to Internet address translation are called DNS servers. These servers have Internet addresses of their own, which your computer uses to direct name to Internet address translation requests.
Your computer generally gets the addresses for these DNS servers from your Internet Service Provider (ISP) via your Internet router. It's typically all automatic.
In 2007, some Estonian hackers took advantage of this process and built malware that would change the DNS settings of people's computers to point to the hackers' DNS servers.
So if your computer got infected by this malware, any name to Internet address request by your computer would go to the hackers' DNS servers, which would then direct your computer to Internet ads. The ads grossed the hackers around $14M.
It wasn't until November 2011 that these criminals were caught. However, an estimated 250,000 computers are still infected by this malware (known as the DNS Changer). With so many computers still infected, the courts ordered the FBI to leave the hackers' DNS servers running, but instead of directing people's computers to ads, they redirected the name to IP address requests to the correct DNS servers, which gave the appearance (to users of infected computers) that things are working just fine.
On Monday, 09 Jul 2012, the FBI will turn off these hacker servers. Come Monday, if your computer is infected by the DNS Changer malware, it will appear that the Internet is down.
Are You Infected?
Before Monday comes around, you should do a quick check using some resources provided by the DNS Changer Working Group. For example, if you browse to this link (or http://www.dns-ok.us/), and you see the image below with the green background, it means your computer is likely not infected; but if you see a red background, you may be infected.
If you really want to be sure whether or not you are infected, and you are a computer geek, the easiest thing to do is open up a CMD window (in Windows), type the command "ipconfig /all", and look for the DNS server settings. Mine happen to be set to these Internet addresses: 208.67.222.222 and 208.67.220.220.
This is what the output of the command IPCONFIG /ALL looks like:
Check your DNS server settings and see if they fall within the ranges of known rogue DNS server Internet addresses:
- 85.255.112.0 through 85.255.127.255
- 67.210.0.0 through 67.210.15.255
- 93.188.160.0 through 93.188.167.255
- 77.67.83.0 through 77.67.83.255
- 213.109.64.0 through 213.109.79.255
- 64.28.176.0 through 64.28.191.255
Start by comparing the first number before the first dot. If the first number matches, then check the second number, then the third. In most cases, you should be able to quickly tell by just comparing the numbers before the first dot.
Good luck!
Infected? What Now?
If you've determined that you are infected and you don't have an antivirus program that can detect and remove it, then use one of the following tools referenced by the DNS Changer Working Group below:
- Hitman Pro (32bit and 64bit versions) http://www.surfright.nl/en/products/
- Kaspersky Labs TDSSKiller http://support.kaspersky.com/faq/?qid=208283363
- McAfee Stinger http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
- Microsoft Windows Defender Offline http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
- Microsoft Safety Scanner http://www.microsoft.com/security/scanner/en-us/default.aspx
- Norton Power Eraser http://security.symantec.com/nbrt/npe.aspx
- Trend Micro Housecall http://housecall.trendmicro.com
- MacScan http://macscan.securemac.com/
- Avira’s DNS Repair-Tool http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199
Worst Case Scenario
What's the worst thing that can happen when Monday comes and all of a sudden your computer can't reach the Internet?
Don't worry, your computer is still functional for things that don't need the Internet.
And if you can't live without the Internet, there's always the Geek Squad or your computer geek friend.
You might want to start with your geek friend because the Geek Squad will charge you on the order of $200 to fix your problem.
Final Note
The news media has put so much hype around this event. For most of you, this will be a non-event.
But just to be on the safe side, check if your computer is infected. If it is, run your current anti-virus program to detect and remove the malware, or you can use a free tool listed by the DNS Changer Working Group.
Hurry, do this before Monday, 09 Jul 2012.
References
- DNS Changer, FBI.gov
- DNS Changer Check Up Sites, FBI.gov
- DNS Changer Working Group, dcwg.org