'100,000s' at risk of web blackout, Google warns

The internet search giant Google is warning computer users that they must remove malicious software or risk losing access to the web.

A woman browses the Internet at a cyber cafe in Putrajaya June 16, 2011. At least 41 Malaysian government websites were hacked into overnight but no personal or financial data were compromised, government officials said on Thursday, as the Southeast Asian nation becomes the latest target of a cyber-war waged by the activists. REUTERS/Bazuki Muhammad (MALAYSIA - Tags: SOCIETY SCI TECH BUSINESS CRIME LAW) *** Local Caption ***  BAZ01_CYBER MALAYSI_0616_11.JPG
Beta V.1.0 - Powered by automated translation

DUBAI // Hundreds of thousands of internet users may lose web access on July 9 if they do not remove malicious software, also known as malware, from their computers.

Google, the internet search engine, has been alerting users to the threat of DNSChanger with the message “your computer appears to be infected” on machines infected by the software.

“After successfully alerting a million users last summer to a different type of malware, we’ve replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices,” said Damian Menscher, a security engineer for Google.

The computers of as many as one million users around the world may be infected.

The Domain Name System (DNS) converts web address names into numbers that allow computers to send traffic to the right place.

DNSChanger alters DNS settings, forcing users to use malicious servers that redirect users to fake and other harmful sites. The malware also changes settings on home routers that, in turn, can infect other computers and mobile devices.

Officers from the US Federal Bureau of Investigation and Estonian arrested a group of people in connection with the malware in November. The agencies transferred control of the illegal DNS servers to the Internet Systems Consortium, a non-profit group that devises and maintains internet protocols.

Since then, internet service providers (ISPs) and other groups have been trying to alert victims.

“However, many of these campaigns have had limited success because they could not target the affected users, or did not appear in the user’s preferred language [only half the affected users speak English as their primary language],” said Mr Menscher.

“At the current disinfection rate, hundreds of thousands of devices will still be infected when the court order expires on July 9 and the replacement DNS servers are shut down,” he said. “At that time, any remaining infected machines may experience slowdowns or completely lose internet access.”

Mr Menscher said that Google’s intent was to raise awareness of DNSChanger among infected users.

“We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results,” he said. “While we expect to notify over 500,000 users within a week, we realise we won’t reach every affected user.

“Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affecteddevices. We can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help.

"These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it."


Find out if you're infected and how to fix the problem at ?www.dcwg.org