Internet blackout: Virus impact seems limited

Photo courtesy Flickr user noii

(MoneyWatch) Just as computer users bit their nails as January 1, 2000, approached, businesses and individuals have been wary of today, July 9, 2012. That's because at 12:01 a.m. the FBI finally pulled the plug on a set of servers that have been directing Internet traffic for a year to support users whose computers had been infected with malicious software. If you're connected to one of those servers, you'll still technically be connected to the Internet, but your Web browser will no longer know where to go, since there won't be a DNS server to convert plain English Web addresses -- like "google.com" -- into the numeric addresses it needs to navigate.

The good news is that the impact seems to have been limited, according to early reports. An FBI spokeswoman told CBS MoneyWatch that as of yesterday, about 41,800 U.S. Internet addresses (211,000 worldwide) were potentially affected, but Internet providers say their surveys haven't found many victims.

As I reported last week, all this started in 2011 when the FBI broke up a criminal conspiracy that was using malware called DNS Changer to infiltrate computers and redirect them to malicious Web sites using corrupted DNS servers. Once you were infected with DNS Changer, your computer would no longer go where expected when surfing the Web.

The FBI seems to have done an effective job: Agents made arrests and seized the bad DNS servers. But because millions of PCs worldwide were already pointed at these servers, they couldn't just take them offline, or all those users would lose Internet access. Instead, the Feds have been operating them ever since with clean and authentic DNS data.

The party couldn't last forever, though, and the FBI is no longer willing to pay to maintain the servers. Today, the servers went dark.


You probably want to know if you're affected. The short answer is: It's unlikely. While the FBI originally cited 4 million affected users in more than 100 countries, awareness campaigns and the slow march of updated anti-virus definitions whittled that number down.

Optimal Networks, a technology support and consulting company, weighs in with its own estimate. CEO Heinan Landa says, "Out of approximately 670 computers that we have scanned, we found 14 that still contained the malware." Landa went on to estimate that computers not managed by IT departments might have a somewhat higher rate of infection -- around 4 percent.

Moreover, My IT Department Principal Lenny Fuchs says: "I am willing to bet that a sizable portion [of infected computers] are public or shared computers, like in business centers and libraries."

As I've previously explained, it's easy to see if you have an affected PC: just visit http://dns-ok.us.

If you are infected, cleaning your PC is less straightforward. You can find complete instructions for repairing your PC at the DCWG Website. Unfortunately, you might discover that one of your PCs is infected too late -- after the DNS servers go offline. In that case, the easiest solution is to contact your Internet Service Provider, which may be able to help you get back online.
