‘DNSChanger’ Malware Could Strand Thousands When Domains Go Dark on Monday
By Kim Zetter
July 5, 2012 |

Tens of thousands of U.S. internet users could be left in the digital dark on Monday when the FBI pulls the plug on domains related to the DNSChanger malware.

Computers belonging to an estimated 64,000 users in the United States, and an additional 200,000 users outside the United States, are still infected with the malware, despite repeated warnings in the news, e-mail messages sent by ISPs and alerts posted by Google and Facebook.

The DNSChanger malware, which infected more than half a million machines worldwide at the height of its activity, redirected a victim’s web browser to sites designated by the attackers, allowing them to earn more than $14 million in affiliate and referral fees.

In addition to redirecting the browsers of infected users, the malware also prevents infected machines from downloading operating system and antivirus security updates that could detect the malware and stop it from operating. When an infected user’s machine tries to access a software update page, a pop-up message says the site is currently unavailable.

Last November, federal authorities charged seven Eastern European men with running the clickjacking operation. The FBI also seized control of about 100 of the attackers’ command-and-control servers used in the operation.

CONTINUE: [link to www.wired.com]