Latest News

Malware Monday looms, but can be averted

Computer geeks and federal agents have a warning for the public this weekend: Don’t wake up Monday with a case of the Malware Blues.

Upward of 60,000 American laptops and desktops late this week were still infected with the notorious DNSChanger Malware — a computer virus that debuted five years ago. And unless those impacted take the necessary steps, the FBI warns, they will be without Internet access come Monday morning.

Shortly after midnight Monday morning, the feds will switch off the temporary servers they had set up to let those affected by the bug safely use the Internet. The pending blackout has been ominously named Malware Monday.

But while a morning without the Web would surely be an inconvenience for those affected, this latest media frenzy might be a bit overblown, says Steven Luis of Florida International University’s school of computing and information sciences.

“This is not a Y2K moment,” Luis said. “You’ll still get paid. The [Mayans] are not involved.”

For starters, the odds that your computer is infected are tiny. Roughly seven of every 10 American households reported having Internet access in 2009 — the latest estimate available — in a nation of more than 300 million people.

And while roughly a half-million computers in the United States were at one time infected by the virus, nearly 90 percent of those cases have been fixed with updated antivirus software.

So what exactly is the DNSChanger Malware?

Malware is the generic term for destructive entities such as viruses and worms that alter the way computers work. This particular virus, hatched by six Estonian nationals to manipulate the Internet advertising industry, has affected roughly four million computers in more than 100 countries — including individuals, businesses, and government agencies such as NASA.

The malware targeted a computer’s Domain Name System — the Internet service that converts URLs like into numerical addresses that computers use to communicate. The cyber criminals would redirect Web surfers away from the sites they want, and on to fake or doctored pages. The scam generated up to $14 million in illegal fees.

Last November, the FBI announced the arrest of the virus’ creators, capping a two-year investigation dubbed Operation Ghost Click. While DNSChanger’s architects — part of the Rove Digital criminal enterprise — have been locked up, their disease has remained a scourge for many. The FBI gained temporary authorization to deploy clean DNS servers, allowing infected machines to still access the Internet. But that stop-gap measure ends Monday morning. Computers still with the bug will get nothing but error pages when they pull up a browser.

Thomas Grasso, a supervisory special agent in the FBI’s cyber division, said on the agency’s website that he hopes the public will “follow our recommendations to: one, determine if they’re affected by this; and then two, fix the problem.”

To help you do so, the feds and security experts from Georgia Tech have established a detection and repair website:

Simply by clicking on a link on the site’s homepage, visitors can run a self-diagnostic test on their machine. As late as Friday afternoon, company IT chiefs were alerting employees to run the test on company equipment.

Those whose machines test positive for DNSChanger are urged to buy an antivirus program such as McAfee Stinger or Norton Power Eraser, which should cure the cyber illness. Home routers might also be affected; those that are will need to be reset, Luis said.

And for certain, it’s much easier — and cheaper — to fix the problem in advance than to deal with it Monday, Luis said. If you’re stuck Monday, you’re urged to call your service providers for help.

“My best advice would be to take a moment this weekend and take care of it,” he added. “The good news is, we’ve had months to prepare for this. It’s like comparing a tornado to a hurricane. But the time is now.”