Companies and home users whose computers or routers are infected by the DNSChanger Trojan risk being unable to access the Web come March 8, 2012, when the FBI unplugs the legitimate DNS servers it set up to replace the rogue DNS servers that were forwarding victims to malicious sites. The removal of the feds' band-aid could affect a substantial number of users, too, as half of Fortune 500 companies and government agencies still have the malware on at least one computer or router, according to a new report.
Back in November, the feds famously took down the DNSChanger botnet, which a cyber criminal gang was using to redirect Internet traffic to phony websites that existed simply to serve up ads. To prevent the disruption of Internet traffic - and likely to monitor where DNSChanger traffic was coming from - the feds replaced the criminals' servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to the now-unplugged rogue servers, resulting in DNS errors.
That surrogate network was supposed to be temporary -- in operation just long enough for companies and home users to remove DNSChanger malware from their machines. Said network is slated to be unplugged on March 8. Once the surrogate server network is unplugged, computers infected with DNSChanger will not be able to access the Internet: The malware will send requests to servers that will no longer be online.
Unfortunately, the cleanup process has been slow, according to security company IID (Internet Identity): The company reports that at least 250 of the Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router that was infected with DNSChanger in early 2012.
Companies and users may get a reprieve. According to Krebs on Security, the FBI's DNSChanger Working Group is weighing its options, including requesting a court order to extend the March 8 deadline.
Would providing an extension be the most prudent move, though?