Internet may drop for hundreds of thousands in July due to hacker malware


Unknown to most computer users, the problem began with international hackers running an online advertising scam to take control of infected computers worldwide. In response, the FBI set up a safety net months ago to prevent Internet disruptions for those infected users. But here's where the problem kicks in - that system is to be shut down.

So, the FBI is encouraging computer users to visit a website run by its security partner. The website contains information to see if your computer is infected and explains how to fix the problem.

After July 9, infected users will not be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers. However, officials said if they just threw everyone involved in jail, the victims of the virus would be without Internet service.

"The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken," explained Tom Grasso, an FBI supervisory special agent.

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone the opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

Here's what the hackers did: They infected a network of probably more than 570,000 computers worldwide. The malware turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a Web address into the numerical addresses that computers use. Victims' computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others made the arrests in November, the agency replaced the rogue servers with clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, the FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

The Associated Press contributed to this report.