WASHINGTON — For some computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.
Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.
The FBI is encouraging users to visit a website run by its security partner, www.dcwg.org, that will inform them whether they're affected and explain how to fix the problem. After July 9, infected computers won't be able to connect to the Internet.
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
In November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.
"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get ‘page not found' and think the Internet is broken."
On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.
Now, Grasso said, "the full-court press is on to get people to address this problem." And it's up to computer users to check their PCs.
This is what happened:
Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers look up website addresses behind the scenes on the Internet's domain name system.
The domain name system is a network of servers that translates a Web address — such as www.statesman.com — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue domain name system servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.
The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
Installing and running the two substitute servers for eight months is costing the federal government about $87,000.
Here's how the FBI says you can check your computer and avoid potentially losing your ability to connect to the Internet on July 9:
Go to www.dcwg.org.
Click on "Detect" in the upper left corner, or on the Green Button next to it.
You will be directed to a new page. Pick your language from the list and click on the link next to it.
If your computer is not infected, you will see a green logo with the message: "DNS Resolution = Green. Your computer appears to be looking up IP addresses correctly!"
If you see that message, you don't need to do anything more.
If you see a message with a red logo saying your computer appears to be infected, you will be directed to a new page with websites that will provide antivirus tools that cybersecurity experts have identified as being effective in removing the malware.
The website also provides information on the case and the malware.
- Associated Press