Skip to main content

FBI: More than 300,000 could lose Web access by July

Doug Gross, CNN
A friendly image of cartoon-like characters means a computer is free from the DNS malware.
A friendly image of cartoon-like characters means a computer is free from the DNS malware.
STORY HIGHLIGHTS
  • Hundreds of thousands could lose Web access after a multi-million-dollar malware scam
  • FBI set up temporary servers so users wouldn't lose their Internet access
  • Those servers will be shut down on July 9
  • FBI has set up a site to see if you're infected and to help you fix your computer

(CNN) -- In the wake of a multi-million-dollar online scam, more than 300,000 computer users worldwide could find themselves without Web access this summer.

Luckily for them, it will only take a few clicks to clean things up.

The FBI announced that it's created a website where users can check whether they're infected with malware and remove it if they are. Check your computer here -- http://www.dcwg.org. The site was at times difficult to access on Monday, presumably due to heavy traffic.

Let us explain: In November, six Estonian nationals were arrested on charges of fraud after a two-year FBI probe called Operation Ghost Click.

They're accused of infecting computers worldwide with malware called DNS Changer, which opened up the computers to viruses. The alleged crooks used the access to direct users to their own servers and manipulate online advertising, racking up more than $14 million in illegal income, according to the FBI.

"They were organized and operating as a traditional business but profiting illegally as the result of the malware," an unnamed FBI agent said in a news release about the arrests. "There was a level of complexity here that we haven't seen before."

The FBI originally estimated the scam had hit millions of computers worldwide, but has since scaled back those estimates to hundreds of thousands. They think about 350,000 computers are still infected, including 85,000 in the United States.

The U.S. computers included some at government agencies, including NASA.

Last month, the FBI announced that it had set up temporary "clean" servers to make sure the users impacted by the attack didn't lose Web access. Those servers will be shut down on July 9, and anyone still infected will be unable to access the Internet afterward.

If it had merely shut down the rogue servers, many of those infected wouldn't have been able to access the Web at all, the FBI said.

Most infected users on the FBI servers may not have noticed anything different, although the malware itself may have made their Web access slower and disabled their anti-virus software.

Domain Name System, or DNS, servers are what online computers visit to reach the website they are seeking. By routing them to rogue servers, criminals can control which websites a computer visits.

By visiting the website set up by the FBI, users can click to see if their computer is infected. An image with a green background appears if they're OK, while a red one shows up if they're not. If infected, they're then directed to information on how to remove the malware.

The case against the accused scammers is still pending in federal court. One of them was extradited last week from Estonia to New York to face charges.

ADVERTISEMENT
ADVERTISEMENT