This day last week, the cyber world was speculating on how many people would lose their access to websites after the much-publicized shutdown by the FBI of rogue servers set up by fraudsters. The criminals had unleashed the DNS Changer malware over many years that changed the DNS setting of infected computers thereby redirecting users to fake sites instead of the real ones.
So what happened after the FBI shut down the rogue servers on July 9 at 12.01 am? How many people lost access to internet? In India, 19,642 networks were known to be infected, according to DNS Changer Working Group.
It’s impossible to accurately put a figure on internet disruption caused by the malware. All users do encounter break in connectivity for one reason or the other. Normally, it comes back on its own after a few minutes. But when the disruption is prolonged, users call up their service providers, who as part of the solution advise customers to reset their DNS settings. So it’s difficult for any user or service provider to accurately say that the internet disruption was caused by the DNS malware.
However, Trend Micro’s senior threat researcher Feike Hacquebord, going by data on infected networks, estimates that about 3 lakh users around the world would have experienced disruption. He says a much bigger disruption happened in 2008 when web hosting provider Atrivio (which was hosting the data centre of the DNS malware creators) had gone down.
The cyber world was spared of the “doomsday” that some security-paranoid netizens predicted. There are many reasons. A major one is the general awareness created over the past many months about the malware, and the planned shutdown. Security firms, companies like Google and Facebook, and service providers collaborated with other stakeholders in the DNS Changer Working Group to clean up the cyber mess. They sent out warning notes and tips to users whose computers had been infected.
Another reason is that security solutions have either blocked DNS Changer malware intrusion attempts or removed the malware from infected computers. Kaspersky Labs says that this year alone, it detected 1,01,964 attempts by DNS Changer malware to infect its users.
So, in all probability, the curtains are down on one of the longest-running and most widespread cyber crimes we have seen.