A massive global Internet outage could take place on Monday if companies have failed to clear their computers of DNSChanger malware.
It’s not known how many computers are still infected with DNSChanger, but the initial estimate – when it was first uncovered last year – was well over 500 000 just in the US.
DNSChanger works by taking control of a user’s DNS server settings and then controlling what sites the user can connect to.
The FBI explains: “By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent web site or to interfere with that user’s online web browsing.
“One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal. A bad DNS server operated by a criminal is referred to as a rogue DNS server.”
Last year, the FBI uncovered a network of rogue DNS servers and took steps to disable it.
However, this means victims who rely on the rogue DNS network for DNS service could lose access to all DNS services.
To give companies an opportunity to detect a DNSChanger infection and remove it, the Internet Systems Consortium (ISC) has been maintaining clean DNS servers so that normal Internet activity can continue.
However, these temporary servers will be switched off on Monday (9 July) and companies still harbouring the DNSChanger malware will be unable to connect.
Server administrators and ISPs are urged to check their systems are free of the malware before Monday.
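One way to run that check on a Unix-style host is to compare the resolvers a machine is configured to use against the published rogue ranges and against the resolvers the ISP or organisation actually assigns. The sketch below is an added example, not code from the FBI or ISC. It assumes resolv.conf-style input, and the ranges and addresses in it are constructed placeholders from the documentation address blocks, not the real rogue DNS ranges.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation blocks), NOT real rogue ranges.
# Replace with the rogue DNS server ranges published for DNSChanger.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Assumption: the resolvers your ISP or organisation legitimately hands out.
EXPECTED_RESOLVERS = {ipaddress.ip_address("203.0.113.53")}


def parse_nameservers(resolv_conf_text):
    """Return the raw values of 'nameserver' lines, ignoring comments."""
    values = []
    for line in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            values.append(fields[1])
    return values


def classify(value):
    """Classify one configured resolver: rogue, expected, unexpected or invalid."""
    try:
        server = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"  # not an IP address; inspect by hand
    if any(server in net for net in ROGUE_RANGES):
        return "rogue"  # resolver setting points into a rogue DNS range
    if server in EXPECTED_RESOLVERS:
        return "expected"
    return "unexpected"  # not rogue-listed, but not one you assigned either


def audit(resolv_conf_text):
    """Map each configured resolver to its verdict."""
    return {v: classify(v) for v in parse_nameservers(resolv_conf_text)}


# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sample
nameserver 192.0.2.10
nameserver 203.0.113.53
nameserver 10.0.0.1   # local router
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server}: {verdict}")
```

A "rogue" verdict means the host will lose name resolution when the temporary servers are switched off; an "unexpected" verdict is worth a manual look even though it is not in the listed ranges.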