The Public Eye with Eric Chabrow

Malware Monday: Much Ado About Nothing

The Fix Is In: DNS Changer No Longer a Catastrophe in the Making
Malware Monday: Much Ado About Nothing

Barry Greene chuckled when he heard the term "Malware Monday" applied to July 9's cutoff to the Internet for as many as 200,000 users worldwide. "I never heard of it referred to that way," says Greene, an IT security engineer who serves as a spokesman for the DNS Changer Working Group, or DCWG.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

DCWG, a voluntary group, is a collaboration of government and business to battle DSN Changer, malware that redirected users to websites that generated at least $14 million in fraudulent advertising fees. Authorities in the United States, Britain and Estonia busted a ring of six suspected fraudsters last November [see 6 Nabbed in Global Internet Scam].

The number of still-infected computers represents about the number of PCs a botnet hunter commandeers in a single day: It's no big deal. 

To help mitigate the scam, the FBI arranged for two servers to be set up to replace servers used by alleged fraudsters that redirected Internet users to counterfeit websites that promoted suspected wares.

At 12:01 a.m. Eastern Time on Monday, July 9, the two FBI-backed servers will be shuttered. After that, computers that haven't been cleansed of the DNS Changer malware won't be able to access the Internet, at least not without help from their Internet service provider.

An Associated Press story circulating on the Internet just after America's Independence Day holiday warned of "Malware Monday," a phrase adopted by headline writers of a number of blogs and news stories. But although DNS Changer remains a problem for what amounts to a relatively small number of Internet users, it's a predicament that has been basically resolved by DCWG.

When authorities arrested the suspects last fall, they reported that more than 4 million computers had been infected by the malware. Today, Greene says, that number is about 250,000 worldwide and falling. As of June 11, DCWG identified fewer than 70,000 computers in the United States infected; by now, Greene says, that figure is much lower.

Think about it: Various estimates place the number of PCs worldwide at between 1 billion and 2 billion. That means the 250,000 or so still-infected computers represent fewer than 2-100ths of a percent (0.02 percent) of all PCs in the world. That's about the number of PCs a botnet hunter commandeers in a single day, Greene says, adding: "It's no big deal."

Greene says there are more serious malware problems users should concern themselves with than DNS Changer, as the "bad guys" - who have an economic incentive to create more malicious viruses - stay three steps ahead of the "good guys" who try to combat them.

Still, working groups such as DCWG have brought together various Internet stakeholders that can continue to join forces to limit the damage malware causes; in a sense, a silver lining of this story.

For those who remain worried about DNS Changer, links at the DCWG website can quickly test your machine to see if it has the virus on it. If the malware is on your computer, the site can tell you how to go about to rid it.

And, for those who find out after midnight Monday their PCs are infected, Greene says don't fret. Just call your ISP (you obviously won't be able to reach them over the Internet); the service provider will tell you how to get rid of it.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.