The Internet "doomsday virus" that people were warned about over the weekend didn't quite materialize Monday — but that doesn't mean the threat isn't real.
Several large American Internet service providers, among them AT&T, Verizon and Time Warner Cable, picked up where the FBI left off early this morning (July 9). The ISPs were redirecting Web traffic to make sure any customers affected by the DNSChanger malware would still be able to get online.
That's great news from a customer-service point of view. But from a security point of view, it could be seen as just kicking the can down the road, since it removes the incentive for affected users to fix their computers.
Into the breach step the ISPs
An AT&T spokesman told PCWorld that the company would keep its affected broadband clients up and running until the end of 2012. A Verizon spokesman told the magazine that it would support affected customers until the end of July, and would help them clean and reset their computers in the meantime.
Time Warner Cable planned to do the same.
"Time Warner Cable has set up its own DNS servers and any TWC customers infected will continue to be able to use the Internet," Time Warner Cable spokesman Justin Venech told ABC News. "We feel that we are providing a better customer experience if we allow any customers who are infected with this malware to stay online."
In a conversation with SecurityNewsDaily, Venech was not able to say how long Time Warner Cable would keep the redirection service up, but was optimistic that no company clients would lose Internet access.
"We started reaching out to our customers who might be affected several weeks ago," Venech said. "We've been pleased to see a decline in numbers since then, and we're continuing to help customers get rid of the malware."
Venech wouldn't say how many Time Warner Cable clients were affected, but other U.S. ISPs were reporting numbers well under 1 percent of their customer base.
Comcast, on the other hand, told PCWorld that it was not supporting customers whose Internet settings had been affected by the DNSChanger Trojan. Instead, it was working with those customers to get them back online.
Figures released today by the DNSChanger Working Group showed a sharp decline in affected Internet Protocol addresses over the past few weeks, from around 300,000 worldwide in mid-June to 210,851 yesterday (July 8).
The U.S., by far the most affected country, had 41,557 affected IP addresses yesterday; Italy, the next most-affected, had 17,074, followed by India, Germany and Britain.
It's not clear how many actual computers and routers that translates to, because computers on the same office or home network usually share one outward-facing IP address.
The FBI last month estimated that about 64,000 U.S. users would be affected by its shutdown early this morning of the servers redirecting users affected by DNSChanger.
Delaying the inevitable?
As long as ISPs that are supporting affected clients are actively working to clean those clients' machines, there's no harm in keeping affected users online.
However, past experience demonstrates that many customers, both consumer and corporate, won't do anything until they're forced to.
The original DNSChanger support cutoff date of March 8 was postponed to today because less than 30 percent of affected ISPs, including many in top corporations, had fixed their DNS settings.
Even today, the response rate is only about 65 percent, meaning that 35 percent of affected ISPs have yet to fix their machines.
This decade's Y2K scare
But overall, even the top DNSChanger infection number of around 600,000 IP addresses worldwide is a drop in the bucket compared with the total number of IP addresses in use, estimates of which range from 1.6 billion to 3.2 billion.
In that light, TV reports of "Internet doomsday" and the "doomsday virus" seem pretty silly.
"#doomsdayvirus Much ado about nothing," wrote Twitter user Eric Crawford.
"I am trying to be careful as much as possible, but I feel that #MalwareMonday is kind of like the #Y2K of the internet," wrote Ontario college student @StLucianIdol91.
Just in case...
Unfortunately, the easiest website on which to check to see whether you were affected by DNSChanger, http://www.dns-ok.us, was taken down today.
But its Canadian counterpart, http://www.dns-ok.ca/, is still up. Scroll down the page and click either "I agree" or "J'accepte" and the site will check your DNS settings.
If you see green, you're fine and no longer need to worry.
If you see red, here's what to do.
First, you'll need to change some settings on your computer. Contact your ISP, or follow instructions for resetting your computer to use Google's public DNS servers.
Step two is to run strong anti-virus software that will clean up your computer. You'll probably have to pay for the software.
The third step is to check your system again; if you're still seeing red, your router may be infected. Contact the router manufacturer for help on how to clean it.
If your router's more than five years old, consider buying a new one. Most are under $100.
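The re-check in the third step can also be done locally. The sketch below is an added example, not part of the original article: it audits resolver settings after a reset to Google's public DNS. It assumes the settings are available as resolv.conf-style text; the function names and verdict labels are hypothetical, and the sample input is constructed.

```python
import ipaddress

# Google's public DNS servers, the reset target the article mentions.
GOOGLE_DNS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}
# Address ranges a home or office router normally hands out as the resolver.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return the resolver addresses from resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # not an IP address; skip the malformed entry
    return servers

def classify(addr, expected=GOOGLE_DNS):
    """Verdict labels are this example's own, not from any tool."""
    if addr in expected:
        return "expected"
    if addr.is_loopback:
        return "local-stub"   # local caching resolver; check its upstream
    if any(addr in net for net in LAN_NETS):
        return "router"       # PC defers to the router; check the router's DNS
    return "unexpected"       # public resolver nobody chose: investigate

def audit(text, expected=GOOGLE_DNS):
    return [(str(a), classify(a, expected)) for a in parse_nameservers(text)]

# Constructed sample; 203.0.113.53 is a documentation address, not an indicator.
SAMPLE = """\
; constructed resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 203.0.113.53
nameserver not-an-ip
"""

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE):
        print(f"{address:15} {verdict}")
```

A "router" verdict means the computer's own settings prove nothing either way: the DNS servers configured on the router itself still have to be checked, which is why the third step points at the router.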
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.