About 10,000 Canadians are at risk of being disconnected from the Internet on Monday because their computers are infected with malicious software crafted by a cybercrime ring in Estonia.
“If your computer is infected and you open up a web browser on Monday, you will see nothing,” said Dave Marcus, director of advanced research and threat intelligence for cyber security firm McAfee Labs.
To find out if your computer is affected, click here.
Dubbed DNSChanger, the malware was essentially an advertising scam that swapped ads on legitimate webpages, redirecting $14-million in advertising revenue to the criminals.
Most users had no idea their computers were infected, as they were able to access the sites they wanted – only the advertising on the pages had been changed.
The FBI called the investigation “Operation Ghost Click.”
An estimated 300,000 computers worldwide were being redirected to rogue servers operated by the criminals. Six Estonians were arrested by the FBI in November in connection with the ring. According to the Baltic Daily, two have since been extradited to the U.S. and four are on trial in Estonia. A Russian suspect remains at large.
When it broke up the ring, the FBI enlisted a private firm to set up servers to keep the 300,000 infected computers connected to the Internet after the malicious servers were taken down. On Monday, the plug will be pulled on the interim service.
Of the estimated 25,000 computers in Canada that were affected, 15,000 computers have been wiped clean of the malware. Several Internet security firms, including McAfee, have posted one-click diagnostics and free downloadable fixes so that owners of affected computers can clean up before Monday’s deadline.
Marcus said those who don’t make the Monday deadline can perform the diagnostic and repair by using another computer to download the information onto a USB, then insert it into the infected computer. The service is being offered free of charge and takes under 10 minutes to perform.
“It’s nothing that complicated. It’s relatively straightforward,” said Marcus.
According to data from McAfee, 60 per cent of Internet households worldwide own at least three Internet-abled devices. Internet service providers, including Bell and Rogers, have web pages instructing customers on how to handle the problem. Both recommend bringing affected devices to a qualified repair technician.
Byron Holland, president and CEO of the Canadian Internet Registration Authority, said the malware was a Trojan that had to be downloaded onto a computer to infect it. Trojans often arrive in the form of free software or an email attachment. “There isn’t one single method that gets used. The bad guys are really creative,” said Holland.
Both Holland and Marcus recommend computer users purchase and use anti-malware software.