Still infected, 300,000 PCs to lose Internet access July 9

If you haven’t already seen the screaming headlines across the blogosphere declaring the arrival of Internet Armageddon for a quarter-million PCs because of a virus, allow us to get you up to speed. Believe it or not, some of the 4 million computers hijacked by Estonian and Russian hackers through a long-running botnet called DNSChanger are still not patched, over eight months after the FBI and Estonian authorities broke up the ring in November of 2011.

The botnet took control of PCs, changing their DNS settings to connect to rogue DNS servers, which allowed the ring to reroute a user’s click on web advertisements to alternative sites and replace web ads with those of companies that paid the ring for clicks. When the FBI shut down the rogue DNS servers at the center of the ring, the US District Court for the Southern District of New York appointed Internet Systems Consortium, a not-for-profit company, to keep running replacement DNS servers so affected users would not lose Internet access before they could remove the botnet and fix their DNS settings. The FBI also posted tools to help PC owners check to see if their system was affected by the botnet. (If you haven’t checked yours, go there now.)

On Monday, July 9, the court order runs out, and ISC will pull the plug on the DNS servers. But by some estimates, as many as 300,000 computers are still using the DNS servers to resolve their Internet searches. Those systems will lose the ability to resolve domain names for web sites and email when the server is disconnected.

Don’t say you weren’t warned.

http://arstechnica.com/security/2012/07/still-infected-300000-pcs-to-lose-internet-access-july-9/

You can check to see if you are looking up IP addresses correctly here:

http://www.dns-ok.us/