Hundreds of thousands of computers around the world will lose internet access later today when the FBI switches off rogue DNS servers that have hijacked Internet traffic to serve illicit adverts.
Four million computers in 100 countries had been infected with the ‘DNSChanger’ malware when the FBI brought down the criminal operation in November 2011. Six Estonian nationals were arrested as part of the shutdown.
Most of the infected computers have repaired their DNS settings since November, but as of June this year, more than 19,000 PCs in the UK were still infected, according to the DNS Changer Working Group.
The malware was redirecting the Internet traffic of infected machines through a DNS server which pointed users to adverts rather than legitimate websites, generating money for the gang. DNS servers allow Internet users to point their browsers to addresses written in text, matching the written text with the relevant IP address.
The FBI replaced the rogue DNS servers with legitimate servers after operation was shut down last year. In March this year, it warned that it would be turning off those clean DNS servers on July 9th, today. It said that its "clean DNS" solution was "temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings".
"The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time," the FBI said. Any computers still harbouring DNSChanger will stop working because the server which the software points the infected machines internet connection to will no longer be online.
The FBI said that the criminals had made $14 million through the redirects.