"Malware Monday" internet shutdown packs little punch

What many in the mainstream media painted as an internet doomsday arrived Monday without much fanfare, as the FBI pulled the plug on servers that allowed tens of thousands of computers in the United States to access the web.

Security firm F-Secure confirmed early Monday that the temporary servers, which replaced the rogue servers that had been operated by a now-dismantled fraud syndicate spreading the DNSChanger trojan, went offline, as expected.

Yet, despite the media hype that some 60,000 machines in the United States and a couple of hundred thousand elsewhere in the world remained infected and could lose internet connectivity -- creating a Y2K-style scenario -- the resulting scene has been calm.

"According to reports, many major internet service providers have configured their own substitute DNS servers and are continuing to work the problem," wrote Sean Sullivan, a security adviser at F-Secure, in a blog post. "So, the FBI is out, and ISPs are in. All in all, things are working out as they probably should in a case such as this. The infection count continues to decrease without a major crisis in support calls. We've only received a couple from our own customers."

According to F-Secure, the number of infected IP addresses now sits at around 47,000 in the United States -- though many of those machines may not even be actively used to access the internet.

Major ISP Comcast has received a "minuscule" number of help-related calls since midnight, company spokesman Charlie Douglas told SCMagazine.com. And like other ISPs, Comcast is standing by and ready to assist any customers, he said.

The SANS Internet Storm Center's Johannes Ullrich, in a Monday blog entry, further downplayed the hype and suggested users who haven't cleaned their systems by now probably deserve the consequences.

As recently as last fall, an estimated half-million computers in the United States and several million across the world contained the DNSChanger trojan.

"There are about (two billion) internet users," Ullrich wrote. "So about 0.01 (percent) of internet users are infected. In other words: Very few. People who have disregarded warning banners, phone calls from ISPs, (anti-virus) warnings, and other notification attempts -- they probably should be disconnected from the internet."

Meanwhile, security blogger Brian Krebs said the media should concentrate its bandwidth on more pressing threats, such as a new Java exploit.
