FBI Could Pull the Plug On Millions of Internet Users March 8

fbisealbetabeat FBI Could Pull the Plug On Millions of Internet Users March 8The Federal Bureau of Investigation may yank several crucial domain name servers (DNS) offline on March 8, blocking millions from using the Internet. The servers in the FBI’s crosshairs were installed in 2011 to deal with a nasty worm dubbed DNSChanger Trojan. DNSChanger can get an innocent end-user in trouble; it changes an infected system’s DNS settings to shunt Web traffic to unwanted and possibly even illegal sites.

DNSChanger oozed out of Estonia and may have fouled up as many as a half-million computers in the United States. The feds’ temporary fix to keep the worm from propagating was to replace infected servers with clean surrogates.

Coordinating with the Estonian authorities who arrested those believed responsible for the worm, the FBI set up what amounted to a Maginot Line of temporary servers that would to give businesses and private individuals affected by DNSChanger time to cleanse infected systems. However, this may not have been enough to save all the afflicted. Cyber security journalist Brian Krebs writes:

Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.

[Internet Identity president and CTO Rod] Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”

According to Mr. Krebs, Internet Identity believes DNSChanger infected “half of all Fortune 500 firms, and 27 out of 55 major government entities.”

Large network operators unsure as to whether their system is infected can contact the DNS Changer Working Group for assistance here. Private users may be able to ferret out a localized infection by following steps outlined here, at

[Krebs on Security via RT]

Follow Steve Huff via RSS.


  1. Mark Phillip says:

    This is a ridiculously misleading headline.

    1. Guest says:

      More HITS = More REVENUE

      1. TheMan says:


        It’s amazing how many people within an office environment have no idea how to safely browse the internet and handle emails/attachments.

        A simple educational seminar within the office would help bring the not-so-computer-savvy up to speed with internet security, and thus, ultimately, greatly reducing these numbers: “half of all Fortune 500 firms, and 27 out of 55 major government entities.”

        I know who these people are, and I’m sure most of you do too.  They’re the people that when you’re in the office and catch a quick glimpse of their browser, they’re using IE6 and/or have ~98 toolbars installed and ~794 applications running in the background that they have no idea what they’re doing.

        For something people use every single day (a computer), you’d think teaching them the basics would be mandatory.

    2. Anonymous says:

      What would you have called it?

  2. CmeHere says:

    ummm ok so is this for mac and PC or just PC? If so how do you take care it. Is it different than others when handling to remove it. It would be nice to get a way to find out if you have it what type of computers can get it and how to deal with the issue. This just a statement not an article. All you are stating is that the internet is going to be down for people, from what it sounds like for good. For something that needs to be taken care of if you are one. So a whole bunch of people are going to loss internet and you can’t actually tell people what to do to stop it from happening to them. Nice reporting there buddy. Next time don’t just sate the problem, look and write about possible answers not just a statement on what is going to happen and a quote from somebody else’s article that states the same. Come on this is like the first thing you learn about journalism. 

  3. Large network operators unsure as to whether their system is infected should be fired.

    1. Phantom RK says:


      Care for a RoOt kIt that you will never find?

      Educate yourself, sonny; educate yourself!

  4. Woundhealer1 says:

    Why is this news?  I think anybody infected with a virus should be cut off from any network immediately.