In about two weeks, hundreds of thousands of computer users are going to learn the hard way that failing to keep a clean machine comes with consequences. On July 9, 2012, any systems still infected with the DNSChanger Trojan will be summarily disconnected from the rest of the Internet, and the latest reports indicate this malware is still resident on systems at 12 percent of Fortune 500 companies, and roughly four percent of U.S. federal agencies.
In a bid to help users clean up infections, security experts won court approval last year to seize control of the infrastructure that powered the search-hijacking Trojan. But a court-imposed deadline to power down that infrastructure will sever Internet access for PCs that are not rid of the malware before July 9, 2012.
According to Internet Identity, 12 percent of all Fortune 500 companies and four percent of “major” U.S. federal agencies are still infected (a link to Internet Identity’s full infographic is here). The latest stats from the DNSChanger Working Group, an industry consortium working to eradicate the malware, more than 300,000 systems are still infected.
That number is likely conservative: The DCWG measures infections by Internet protocol (IP) addresses, not unique systems. Because many systems that are on the same local network often share the same IP address, the actual number of DNSChanger-infected machines is probably quite a bit higher than 300,000.