The number of users affected by the DNSChanger virus has fallen to 300K from the 4 million reported earlier as a result of a large number of users taking the delayed shut down of temporary DNS servers from March to July seriously and taking appropriate steps and updates. According to details by the DNSChanger Working Group, the number of infected systems worldwide now stands at 303,867 – a massive decline from the earlier 4 million. India has the third-highest number of DNS infections after the United States and Italy.
As reports going around may have already informed most, July 9 is the date when roughly half a million people will lose access to the Internet, following the FBI shutting down temporary DNS servers affecting those that have been affected by the dreaded DNSChanger virus. In November of 2011, FBI had identified and located a ring of cyber criminals who managed to infect more that 4 million computers globally using a Trojan called DNSChanger. The virus managed to break into both personal and corporate PCs and redirected the computers to a host of DNS services, which led web searches to malicious websites. Starting from 2007, the criminals employed DNSChanger to infect roughly 4 million PCs in over 100 countries. In the U.S. alone, there were about 500,000 such infections. These also included systems belonging to individuals, businesses, and government agencies such as NASA. Reportedly, the cyber criminals managed to 'manipulate' Internet advertising and as a result generated approximately $14 million in 'illicit fees'. Referred to as 'clickjacking', they led a user with an infected system to believe that they are clicking on a website, but users instead were led to websites with fraud ads, enabling the rogues to get the click revenue stream.
A massive decline in the number of impacted users. (Image credit: Getty Images)
Incidentally, it has been found that in some cases, the malware also managed to prevent a users' anti-virus software and OS from updating, thereby leaving more room for malicious activity to wreak havoc, in addition to the other harm that it inflicts on a system. What emerged as an even more worrying aspect was that it was not only infected PCs that were using the bad DNS servers, but the havoc had spread to other everyday home and work devices, like wifi-enabled mobile phones, tablets, smart HDTVs, digital video recorders, and game consoles. Basically, the criminals would change the web content that users downloaded to suit their needs and make money.
Then came in the FBI's “Operation Ghost Click” investigation, which managed to yield some results – there were arrests, they managed to even seize some of the DNS servers. However, by then a large number of PCs had already been broken into, and the Feds continued to operate them with clean and authentic DNS data.
It had then been revealed that the 'kill date' initially was March 8, but the FBI, according to reports, managed to get a court order, following which it got postponed to July 9, which is when the aforementioned court order expires. The FBI sought for the delay so that people would have more time on their hands to ensure that their systems would not be affected. Reportedly, 'the impacted computers will not be able to access to the internet – this action will not remove the malware from those systems.'
In an eye-opener of sorts, a report by IID (Internet Identity) found that 12 percent of the Fortune 500 companies and 4 percent of the government agencies still have machines infected with malware. Incidentally, the July 9 run of events will only affect a small chunk of the world's actual Internet user population.