Malware may knock thousands off Internet

WASHINGTON (AP) — Despite repeated alerts, tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. Of those still infected, the FBI believes that about 64,000 are in the United States. Some could be in North Idaho.

People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

Mike Kennedy, president of Intermax Networks, a Coeur d’Alene Internet provider, said his company has been communicating with customers about the situation.

They have done spot checks on some customer’s computers, Kennedy said, and no affected machines have turned up.

“It’s like the Y2K virus. People have been prepared, and that mitigates the problem, but we won’t know for sure until they power up on Monday,” Kennedy said.

Intermax’s equipment and network is clean, Kennedy said. If problems do occur, they will be localized among customers.

“If any of them go down, we can get them back up quickly. They can just pick up the phone, call us and we’ll walk them through,” he said.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

And while it was the first time they'd done something like that, FBI officials acknowledged that it may not be the last since authorities are taking on more of these types of investigations.

The temporary Internet system they set up, however, will be shut down Monday at 12:01 a.m. EDT

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.

Time Warner Cable spokeswoman, Kelcey Wells, told The Press the company does not anticipate its customers will be affected.

“Time Warner Cable has setup its own DNS servers and any TWC customers infected will continue to be able to use the Internet. We feel that we are providing a better customer experience if we allow any customers who are infected with this malware to stay online. We are in the process of notifying customers who we suspect may have been infected and will be working with them to remedy the problem,” wrote Wells, in a message to The Press. “This is part of our formal customer security program. As a result, we do not expect to receive many, if any, incoming customer service calls as a result of this issue.”

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: http://www.dcwg.org . The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

Frontier Communications, another North Idaho service provider, is urging its customers to check their computers using the online tool recommended by the FBI.

The company is also directing customers to its own Frontier Secure website, http://ww2.frontierhelp.com, or to call 888-620-3663.

The direct link to the DNS Changer Check-up tool is http://www.dns-ok.us/

By clicking on the link, a computer user can tell if the machine being used will be affected Monday. The color of the box on the web page at that address will be green if the machine is clean. If the box is red, Internet service will be dead. Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

___

Online:

To check and clean computers: http://www.dcwg.org

Google: http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dnschanger.html

Facebook: http://www.facebook.com/notes/facebook-security/notifying-dnschanger-victims/10150833689760766

Staff writer Maureen Dolan contributed to this report.