Malware deadline passes, very few knocked offline - WXOW News 19 La Crosse, WI – News, Weather and Sports

Malware deadline passes, very few knocked offline

WASHINGTON (WXOW) -- If you're reading this online, you're fine. The day that was supposed to see thousands of people knocked off the Internet has arrived, but only a few people were affected.

Thousands of Internet users across the U.S. and beyond waited too long or simply didn't believe warnings that they would lose access to the Internet just after midnight because of malware that took over computers around the world more than a year ago.

At 12:01 a.m. on Monday, the FBI turned off Internet servers that were functioning as a temporary safety net to keep infected computers online for the past eight months. A court order the agency had gotten to keep the servers running expired, and was not renewed.

FBI officials have been tracking the number of computers they believe still may be infected by the malware. As of Sunday night, there were about 41,800 in the U.S., down from 45,600 on July 4. Worldwide, the total is roughly 211,000 infected. An estimated 2.3 billion people around the world use the Internet, according to Internet World Stats.

Considering that there are millions of Internet users across the country, several thousand losing access isn't a big deal -- unless you are one of them.

As the deadline approached, Internet service providers such as AT&T Inc. and Time Warner Cable Inc. set up their own safety nets to allow the affected computers to continue to access the Internet.

AT&T said only a "small percentage" of its customers were affected by the virus. To make sure they can continue to access the Internet, the company will maintain legitimate Internet servers for them through the end of the year.

This, said spokesman Mark Siegel, gives people "adequate time" to remove the virus from their computers and avoid service interruption.

Time Warner Cable would not say how many of its customers were affected by the virus, but spokesman Justin Venech said the company also set up its own servers to ensure they can get online. Time Warner has no specific deadline, but the company will notify people who are affected so they can fix their computers.

Verizon Communications Inc. said it will "continue to provide extended support to our customers during the month of July - while continuing to instruct them on the necessary actions they must take to resolve the issue on their computers."

The company added that it has notified affected customers "using a variety of methods, including email, phone calls, and postal mail correspondence."

In South Korea, there were no reports from affected computers Monday. As many as 80 computers there are believed to be infected with the malware that may cause problems in Web surfing, down from 1,798 computers in February, according to the government.

"The impact will be limited," said Lee Sang-hun, head of network security at the Korea Communications Commission, a government body. The government and private broadband providers opened helplines and issued warnings. They also asked users to check if their computers were infected and to download antivirus software. South Korea is one of the most wired countries in the world, with more than 90 percent of households connected to broadband Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up the safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

And they arranged for a private company to run a website, http://www.dcwg.org, to help computer users determine whether their computer was infected and find links to other computer security business sites where they could find fixes for the problem.

From the onset, most victims didn't even know their computers had been infected, although the malicious software probably slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Efforts to solve the issue have been hindered a bit by a few factors: Many computer users don't fully understand how their computers work. The cyber world of viruses, malware, bank fraud and Internet scams is often distant and confusing, and warning messages may go unseen or unheeded.

And other people simply don't trust the government, and believe that federal authorities are only trying to spy on them, or take over the Internet, by pushing solutions to the infection. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens' computers -- a charge the FBI and other security experts familiar with the malware quickly denounced as ridiculous.

There is an underlying sense that this has been much ado about nothing -- like the hoopla over Y2K, when the transition to the year 2000 presented technical problems and fears that some computers would stop working because they were not set up for the date change. In the end, as in this case, there were very few problems.

Rep. Jim Langevin, D-R.I., who co-founded the cybersecurity caucus in Congress, said computer users have a responsibility to practice good hygiene and make sure their computers have not been infected or hijacked by criminals.

"These types of issues are only going to increase as our society relies more and more on the Internet, so it is a reminder that everyone can do their part," he said.

Chester Wisniewski, senior security adviser at computer security firm Sophos, said it would have been better to turn off the safety net earlier, so that people can clean up their computers.

"There is only so much responsibility the American government has to continue to run this stuff," he said. "If you still have this virus it's likely that you have others."

------

WASHINGTON (WXOW) - The FBI's temporary Internet servers will go dark Monday, leaving thousands of unsuspecting malware-infected individuals without online access.

Why is this happening? It all has to do with a piece of computer malware called DNS Changer.

It started in 2007, when a group of hackers -- six Estonians and one Russian -- allegedly started masquerading as Internet advertisers who were paid by the click, according to a 2011 indictment from the U.S. Attorney General's Office in the Southern District of New York. In other words, if an ad got more clicks, they pocketed more cash.

So they figured out a way to beat the system, according to the indictment. They created a piece of malware, called DNS Changer, that tampered with DNS, the Domain Name System -- the service that takes a website address and finds the numerical IP address to connect you to that website -- redirecting millions of Internet users to sites they didn't search for.

For instance, if your computer was infected and you clicked a link to go to Netflix, you would wind up at "BudgetMatch," according to the FBI. The practice is called "click hijacking."

Once the FBI got around to fixing the problem in 2011, it realized it couldn't simply shut down the rogue servers because infected computers would be left without a functioning DNS, leaving them virtually Internet-less. So it set up temporary servers to give malware-infected Internet users time to fix their computers.

And time runs out on Monday, July 9.

(There isn't a planned attack this Monday that will shut down the Internet; those whose computers are already infected will lose the Band-Aid the FBI put on the problem more than a year ago.)

Who Is Affected?

Initially, there were more than 4 million infected computers in 100 countries, including 500,000 in the United States, according to the indictment.

As of July 4, there were only about 46,000 in the United States, FBI spokeswoman Jenny Shearer told ABCNews.com today. (That's out of nearly 300,000 worldwide.)

PCs and Apple Macs have been infected. Routers and iPads were hit, too.

As of June, the United States had more infected computers than any other country, according to data from the DNS Changer Working Group, or DCWG, a group working on cleanup resulting from the malware.

How Do I Know if My Computer Is Infected?

You can check to see whether your computer is infected by logging on to www.dns-ok.us.

If the page is green, you're in the clear. If it's red, your computer is infected.

On Thursday the site got 2 million hits, but very few of those computers were infected, DCWG volunteer Barry Greene told ABCNews.com.

Google and Facebook say they have also set up notifications for infected users. If you type in a search term and see a message that says, "Your computer appears to be infected" at the top of your screen, guess what. Your computer is infected.

Comcast, AT&T and Verizon are among the other organizations notifying customers if they have infected machines.

Important: According to DCWG, you should not need to scan, make changes or download anything to tell whether your computer is infected.

My Computer Is Infected. Now What?

The good news is DCWG has put together a page of trusted tools and a step-by-step guide for how to fix your computer.

The bad news is it can actually take a day or two to fix the problem, Greene told ABCNews.com. That's because the malware is in a deep section of the hard drive called the "boot sector."

"The malware problem out there is nasty, and it's impacted society on multiple levels," Greene said. "It's extremely hard to get rid of. In most companies, if they get infected with it, they throw away the hard drive."

If you can't do that, follow the instructions. They include backing up your files and reinstalling your operating system.

What Do I Do if I Lose Internet on Monday?

The FBI and DCWG recommend contacting your Internet service provider. They'll be able to give you instructions on what to do next.
