Q: What can you tell me about the FBI shutting off the Internet for thousands of users on March 8? - Alan
A: The sometimes salacious 'kill switch' headlines about this story can easily give readers the wrong impression if they don't dig a little deeper into the details.
The FBI actually stepped in to ensure lots of folks didn't suddenly lose their ability to surf the Web last year and those safety measures are set to expire on March 8.
Last year, a group that had infected over 4 million computers worldwide (an estimated half a million in the U.S.) with what is called the DNSChanger Trojan was brought to justice.
The primary impact of this infection is that it caused Web surfers to be sent to fraudulent websites by changing what is called the DNS settings on compromised computers.
The Domain Name System (DNS) is the backbone of the Internet's address scheme and DNS servers are special computers around the world that act as Internet traffic cops providing directions to websites that you wish to visit.
For instance, when you type www.datadoctors.com in your Web browser, your computer sends the request to the DNS server usually associated with your Internet service provider, which translates your human-friendly text request into the actual numeric address for that website (called the IP address).
If your computer was infected with the DNSChanger Trojan, you were being sent to a 'rogue traffic cop' that would send you into a virtual dark alley to be mugged. It also made sure that you couldn't get to security sites that had tools to help you clean up your computer.
When the FBI pinched this group, if they had shut down the rogue DNS servers, everyone that was infected would have instantly been cut off from the Internet. So the FBI chose a different strategy.
They decided to get a court order allowing them to replace the rogue DNS servers with legitimate stand-ins so that all the infected computers wouldn't get cut off without warning, giving them time to get the word out.
The court order runs out on March 8, so anyone still infected with the DNSChanger Trojan will no longer be able to access the Internet because the temporary DNS servers won't be online anymore.
So you can see that the characterization of the FBI using a kill switch to cut our citizens off from the Internet is pretty inaccurate.
If everyone that's infected by this Trojan cleans it up before March 8, no one will have a problem, but the infection is so widespread that it isn't likely to happen.
Both Windows and MacOS users are at risk for this infection because it exploits your browser, not your operating system.
If you are somewhat technical, you can do a self-check of your computer to make sure you're not infected by comparing your computer's DNS setting to the list of rogue DNS servers:
The FBI has published a pretty decent guide to performing the self-check - http://evtnow.com/2d5 - but if you aren't comfortable doing the check yourself, make sure you consult a tech-savvy friend or professional to avoid getting cut off on March 8.
If you are infected by the DNSChanger Trojan, the FBI reminds us that this malware also disables security updates, which could have further exposed you to other malware. If you find your computer has been compromised, be sure you have a thorough cleanup performed and get caught up on all the missing updates, as detection and removal are just the beginning of the process.
Ken Colburn is president of Data Doctors Computer Services and host of the Data Doctors Radio Program, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio. Readers may send questions to firstname.lastname@example.org.
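The self-check described above, automated as an added example (not part of the original column or the FBI guide): it reads the DNS servers out of a Unix resolv.conf or Windows `ipconfig /all` listing and reports any that fall inside a "start through end" range. The ranges and sample listings are constructed placeholders from documentation address space, not the real DNSChanger ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 documentation space), NOT the real
# DNSChanger ranges; paste the ranges from the FBI guide in the same format.
ROGUE_RANGES_TEXT = """
192.0.2.0 through 192.0.2.255
198.51.100.16 through 198.51.100.31
"""
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_ranges(text):
    """Turn 'A through B' lines into inclusive (start, end) address pairs."""
    ranges = []
    for line in filter(str.strip, text.splitlines()):
        start, sep, end = line.partition(" through ")
        if not sep:
            raise ValueError(f"not a range: {line!r}")
        lo = ipaddress.IPv4Address(start.strip())
        hi = ipaddress.IPv4Address(end.strip())
        if lo > hi:
            raise ValueError(f"range runs backwards: {line!r}")
        ranges.append((lo, hi))
    return ranges

def extract_resolvers(config_text):
    """Collect DNS server addresses from resolv.conf or 'ipconfig /all' text."""
    found, in_dns_block = [], False
    for line in config_text.splitlines():
        m = re.match(rf"\s*(?:nameserver\s+|DNS Servers[ .]*:\s*){IPV4}\s*$", line)
        if not m and in_dns_block:
            m = re.match(rf"\s+{IPV4}\s*$", line)  # ipconfig continuation line
        in_dns_block = bool(m) and "nameserver" not in line
        if m:
            found.append(ipaddress.IPv4Address(m.group(1)))
    return found

def rogue_resolvers(config_text, ranges):
    """Return the configured DNS servers that sit inside any listed range."""
    return [str(ip) for ip in extract_resolvers(config_text)
            if any(lo <= ip <= hi for lo, hi in ranges)]

# Constructed sample listings.
SAMPLE_RESOLV_CONF = "# sample\nnameserver 198.51.100.20\nnameserver 203.0.113.9\n"
SAMPLE_IPCONFIG = ("   DNS Servers . . . . . . . . . . . : 203.0.113.9\n"
                   "                                       192.0.2.77\n"
                   "   NetBIOS over Tcpip. . . . . . . . : Enabled\n")

if __name__ == "__main__":
    ranges = parse_ranges(ROGUE_RANGES_TEXT)
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, "->", rogue_resolvers(text, ranges) or "no listed servers in use")
```

A clean result only means the computer's own DNS setting is outside the listed ranges; it does not replace the cleanup and updates described above.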