A few days ago, the FBI and some internet doomsayers predicted that hundreds of thousands of infected computers will go black because of the DNSChanger malware released months ago. Well, their predictions seem a bit overblown as Internet Service Providers around the world reported an insignificant number of calls requesting for assistance of this time. The prediction that infected machines would be unable to connect as the clock would struck midnight of July 9 did not materialize.
The FBI had previously released a planned shutdown of temporary DNS servers acting as safety nets for PCs identified as infected by an online scam involving a malware created by Estonian and Russian hackers.
The night before July 9, an estimated 211,000 computers around the world were still considered afflicted by the malware including over 42,000 machines in the United States as reported by the FBI. An FBI spokesman said that those US computers were cut-off as of Monday morning as the temporary servers commissioned by the US Government were pulled out. The said servers have been running since November 2011, as the FBI started to probe and eventually shutdown the crime ring responsible.
It is known that at the peak of the infection, more than 4 million computers worldwide have been affected. While 200,000 computers still affected may seem a large number still, the reduction in number from millions of infected ones is a dramatic improvement from where things stood since last year. The industry-wide effort for past few months to bring awareness and to combat the plague can be considered largely successful as more than 90% of infected machines were fixed before the temporary DNS servers were terminated.
Comcast reported that a “miniscule” number of malware-related call volume has been logged from customers as of Monday. As the largest internet service provider in the US, Comcast has been trying to educate its subscribers about the infection through various means of communication like emails, letters, phone calls, and browser notifications since January.
The same is through for Verizon, which was also trying to inform its subscribers by reaching out to them through various means.
The issue started in November last year when a group of Estonian nationals running an online scam ring was apprehended by the FBI. The group was said to have earned an estimated $14 million dollars in profits by spreading the malware to millions of computers.
According to the FBI, the scam has been going on for years. Infected computers were redirected to different sites hosting online advertising. Instead of knocking down the infected computers right away, the FBI, in a surprising move, set-up temporary DNS servers to allow the people to continue to connect to the internet.
The original schedule to turn off the servers was March but the government extended the deadline to give ample time to people to repair their computers. Tech company giants Google and Facebook joined the awareness effort of the government by notifying users of the infection.
Security analysts said the effort was worth it and the plan worked well.
According to Paul Roberts in a quote from Threatpost, a news site of Kaspersky Lab, “the impending DNSChanger ‘black out’ threatens to obscure what has been a highly successful effort — one of few to date — to stamp out a global online scam and malware infestation.”