“Malware Monday” internet shutdown packs little punch

What many in the mainstream media painted as an internet doomsday arrived Monday without much fanfare, as the FBI pulled the plug on servers that allowed tens of thousands of computers in the United States to access the web.

Security firm F-Secure confirmed early Monday that the temporary servers, which replaced the rogue servers that had been operated by a now-dismantled fraud syndicate spreading the DNSChanger trojan, went offline, as expected.

Yet, despite the media hype that some 60,000 machines in the United States and a couple of hundred thousand elsewhere in the world remained infected and could lose internet connectivity -- creating a Y2K-style scenario -- the resulting scene has been calm.

"According to reports, many major internet service providers have configured their own substitute DNS servers and are continuing to work the problem," wrote Sean Sullivan, a security adviser at F-Secure, in a blog post. "So, the FBI is out, and ISPs are in. All in all, things are working out as they probably should in a case such as this. The infection count continues to decrease without a major crisis in support calls. We've only received a couple from our own customers."

According to F-Secure, the number of infected IP addresses now sits at around 47,000 in the United States -- though many of those machines may not even be actively used to access the internet.

Major ISP Comcast has received a "minuscule" number of help-related calls since midnight, company spokesman Charlie Douglas told SCMagazine.com. And like other ISPs, Comcast is standing by and ready to assist any customers, he said.

The SANS Internet Storm Center's Johannes Ullrich, in a Monday blog entry, further downplayed the hype and suggested users who haven't cleaned their systems by now probably deserve the consequences.

As recently as last fall, an estimated half-million computers in the United States and several million across the world contained the DNSChanger trojan.

"There are about (two billion) internet users," Ullrich wrote. "So about 0.01 (percent) of internet users are infected. In other words: Very few. People who have disregarded warning banners, phone calls from ISPs, (anti-virus) warnings, and other notification attempts -- they probably should be disconnected from the internet."

Meanwhile, security blogger Brian Krebs said the media should concentrate its bandwidth on more pressing threats, such as a new Java exploit.
