DNS Changer Trojan: FBI might shut down the Internet on March 8
Millions of computer users across the world could be blocked off from the Internet as early as March 8 if the FBI follows through with plans to yank a series of servers originally installed to combat corruption.
Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNS Changer Trojan.
Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone.
The US Federal Bureau of Investigation later stepped up by replacing the Trojan's rogue servers with servers of its own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
When functioning as its creators intended, the DNS Changer Trojan infected computers and redirected users hoping to surf to certain websites to malicious ones.
Traditionally, DNS, or Domain Name System, servers translate the alphabetical website names that users type into their actual, numeric addresses in order to guide users across the World Wide Web.
Once a computer was infected by the DNS Changer Trojan, however, lookups for websites entered into its Internet browser were hijacked to malicious servers, which in turn directed the user to an unintended, fraudulent site.
In coordination with the arrests in Estonia, the FBI shut down the malicious DNS Changer botnet network and, additionally, replaced its rogue servers with surrogate servers to correct the problem.
Those servers, however, were installed "just long enough for companies and home users to remove DNS Changer malware from their machines," according to the court order that established them. That deadline is March 8, and those surrogate servers are expected to be retired then. At that point, computers still infected with the Trojan will be essentially unable to navigate the Internet.
Who, exactly, will be affected? Security company IID (Internet Identity) believes that half of all Fortune 500 companies and more than two dozen major government entities in the US are still currently infected with the worm as of early 2012.
Unless they take the proper steps to eradicate the Trojan from their systems, millions of users worldwide will be left hog-tied, helplessly attempting to navigate to nonexistent servers and, in effect, without the Web.
“At this rate, a lot of users are going to see their Internet break on March 8,” Rod Rasmussen, president and chief technology officer at Internet Identity, cautions Krebs On Security.
Currently, both the computer industry and law enforcement are working together through a coalition they’ve established called the DNSChanger Working Group.
That group has been tasked with examining the options for phasing out the surrogate servers set up by the feds, but unless an alternative plan is agreed on, a great part of the Web will go dark next month.
“I’m guessing a lot more people would care at that point,” Rasmussen adds.
While infected users are cautioned to correct the problem now, millions internationally are still believed to be infected.
“It certainly would be an interesting social experiment if these systems just got cut off,” he adds.