Thousands face 'internet blackout' today as FBI shuts down servers

Published Jul 9 2012, 09:38 BST  |  By Andrew Laughlin

Almost 20,000 people in the UK could lose internet access on their PC today due to an action by the FBI to shut down servers operated by cyber criminals.

In November 2011, the FBI seized the servers during raids on a gang of criminals, who had infected more than four million machines with a computer virus.

The gang made money by routing the victims' internet searches through their own servers so that they could show them specific advertising.

It is thought that the criminals earned in excess of $14m (£9m) by hijacking the computers and taking control of their web domain name searches.

The gang was able to infect the computers by using a DNS Changer - a tool that alters which server a PC contacts to convert domain names into numbers.

Over the last few months, the FBI has been working with internet service providers and web security firms to contact the victims and inform them their PC was infected by the gang.

In the FBI raids, it was found that the criminal's servers were being run by California firm ISC.

The original pool of around 4m infected machines is understood to have already been reduced to around 300,000 machines worldwide, according to data gathered by the DNS Changer Working Group (DCWG).

The majority of remaining infected machines are in the US, at 69,517, followed by Italy (26,494) and India (21,302).

Estimates suggest that there are around 19,589 infected machines in the UK, along with 18,427 in Germany, 10,454 in France, 10,304 in China, 10,213 in Spain, 8,924 in Canada and 8,518 in Australia.

The gang's ISC servers will be shut down today (July 9), meaning machines still checking with them will lose internet, as they will have nowhere to go to look up domains.

For those people affected, web access is initially expected to be patchy, because they will have some domain cached on their machines. But it will be lost entirely unless they take action.

Sophos Securities' Paul Ducklin said in a blog post on Friday that people should act quickly to ensure they don't fall victim to the "DNS Changer internet blackout".

"Please note that it is still strongly recommended that you scan your computer with an up-to-date anti-virus product, and although one of the DCWG-endorsed tests may give you peace of mind, there is nothing better than checking your DNS settings for yourself," said Ducklin.

There are various online tools available to allow people to check whether they were a victim.

Sophos has also produced a video guide on "How Not to Lose You Internet Connection" in today's server shutdown: