FBI Warning About Operation Ghost Click

 

The FBI is warning that hundreds of thousands of people could lose their Internet connections come July, unless they take steps to diagnose and disinfect their computers.

 

The problem is related to malware called DNSChanger that was first discovered way back in 2007 and that has infected millions of computers worldwide.

 

In simple terms, when you type a Web address into your browser, your computer contacts DNS (or Domain Name System) servers to find out the numerical Internet Protocol (IP) address of the site you’re trying to reach, and then it takes you there. DNSChanger fiddled with an infected machine’s settings and directed it to rogue servers set up by a crime ring — servers that handed out addresses to whatever sites the ring chose.

 

The DNSChanger Working Group said early this year that about 450,000 systems were still infected by the DNSChanger virus.

 

As noted in the FBI press release, the crooks “were international cyberbandits who hijacked millions of computers at will and rerouted them to Internet Web sites and advertisements of their own choosing — collecting millions in undeserved commissions for all the hijacked computer clicks and Internet ads they fraudulently engineered.”

 

Late last year, however, the FBI disrupted the ring and seized the rogue servers. And since so many infected computers relied on the servers to reach the Internet, the agency opted not to shut them down and instead converted them to legitimate DNS machines.

 

Running the machines costs the government money, though,so they’re being switched off in July. If your computer is infected with DNSChanger then, the Web — for you — will no longer exist after July 8th.

 

The DNSChanger Working Group (DCWG), the body set up to oversee the servers, has created a Web site to help you diagnose your machine and, if necessary, remove DNSChanger. You can check it out at www.dcwg.org using the link below. And it’s probably not a bad idea to do so sometime before, say, July 8th. This site is receiving massive hits from folks wanting to secure and disinfect their PC’s so if you can’t connect to their servers, you might want to follow the directions on the FBI site links at the end of this article.

http://www.dcwg.org

 

Here’s how you can check and see if your system is affected/infected by this malware
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

 

For additional information visit the FBI’s webpage focused on “Operation Ghost Click”
http://www.fbi.gov/news/stories/2011/november/malware_110911

 

 

David’s Blog Archives