PCs hit by DNS malware face Internet 'black hole' by July 9

Computers that remain unpatched after being infected by a rogue DNS malware face an Internet "black hole" by July 9, a computer security firm said this week.

 

BitDefender said this is when the US Federal Bureau of Investigation (FBI) shuts down temporary servers redirecting infected computers to the sites they want to visit.

 

"After July 9th, any computer using these rogue DNS servers will be unable to resolve domain names. The FBI says about 500,000 computers are infected, based on the number of PCs connected to the servers they seized alone. The total number of affected users could run much (higher)," BitDefender said in a post on its Hot For Security blog.

 

It noted that in November 2011, the FBI took over DNS servers used by cyber-criminals to redirect users’ traffic to potentially risky sites they control.

 

But the FBI, acknowledging that disrupting the DNS system may affect how PCs communicate over the Internet, substituted the rogue DNS servers with temporary ones that can resolve Internet names.

 

Once the substitute servers are taken offline, BitDefender said computers that are still infected will have nearly impossible communication.

 

"If the DNS system is tampered with, chances are that the IP address of your favorite e-banking website, e-mail service or social network will lead you to a web page that is actually controlled by the attacker. This way, any data you pass to the website (including authentication information), lands into the wrong hands without the user even realizing it," it said.

 

Bitdefender said it has developed a free tool that assesses the status of the DNS settings and alerts the user when rogue DNS settings are found.

 

For its part, GOogle is displaying a message on computers that may still be infected, so users can take appropriate action, computer security firm Sophos reported. — TJD, GMA News