Millions of PCs sickened by a global computer contagion known as DNSChanger were slated to have their life support yanked on March 8. But an order handed down Monday by a federal judge will delay that disconnection by 120 days to give companies, businesses and governments more time to respond to the epidemic.
The reprieve came late Monday, when the judge overseeing the U.S. government’s landmark case against an international cyber fraud network agreed that extending the deadline was necessary “to continue to provide remediation details to industry channels approved by the FBI.”
DNSChanger modifies settings on a host PC that tell the computer how to find Web sites on the Internet, hijacking victims’ search results and preventing them from visiting security sites that might help detect and scrub the infections. The Internet servers that were used to control infected PCs were located in the United States, and in coordination with the arrest of the Estonian men in November, a New York district court ordered a private U.S. company to assume control over those servers. The government argued that the arrangement would give ISPs and companies time to identify and scrub infected PCs, systems that would otherwise be disconnected from the Internet if the control servers were shut down. The court agreed, and ordered that the surrogate control servers remain in operation until March 8.
But by early last month, it was becoming clear that more than 3 million PCs worldwide — including at least 500,000 in the United States — were still infected with DNSChanger. The company that released those estimates, security firm Internet Identity, reported that 50 percent of Fortune 500s and about half of all U.S. government agencies were still struggling with infections.
Updated infection figures released last week indicate that the government has made great strides in scrubbing the malware from its networks, but that more work is still needed. On Feb. 23, 2012, Internet Identity found that 94 of all Fortune 500 companies and three out of 55 major government entities had at least one computer or router that was infected with DNSChanger.
Internet users can quickly see if their PCs are infected with DNSChanger by visiting one of several “eye check” sites, including this one. DNSChanger also infected Mac OS X systems and home routers; go here if you need instructions for checking those systems for infections. A larger network owner can find out if any PCs on the local network are infected by reaching out to one of the entities in the DNSChanger Working Group.
A signed copy of the court order extending the deadline until July 9, 2012 is available here (.PDF).