Virus could cut 20,000 UK computers from web on Monday, FBI warns

The DNS Changer virus could cause 20,000 computers in the UK – of 350,000 worldwide - to lose web access on 9 July, the FBI has warned

20,000 PCs in the UK could be cut off from the web on Monday 9 July 2012, as a consequence of the DNS Changer virus.

Infected machines will no longer be able to access websites, e-mail, chat or social networking sites such as Facebook, according to the FBI.

Worldwide, 350,000 computers could lose web access on Monday because of the DNS Changer virus, the FBI has warned.  

The malware, a variant of the Zlob family of Trojans, is designed to tell the infected computer to use a rogue Domain Name System (DNS) server, which directs the browser to hacker-owned websites.

Infected machines then replace legitimate advertisements with ads the criminals try to monetise via click fraud. The cyber criminals are thought to have made £9.1m from the scam.

In 2011, an international group of law enforcement agencies, including the FBI, arrested the group operating DNS Changer malware botnets. But hundreds of thousands of computers remain infected and are currently using interim systems set up by the FBI to access the internet.

But after 9 July, 2012, all computers still infected with DNS Changer malware will no longer be able to access websites, e-mail, chat or social networking sites such as Facebook,  when the temporary systems will be disabled because of high operating costs.

The DNS Changer Working Group estimates that there are more than 350,000 devices still infected with DNS Changer, out of the 4 million originally affected by the malware.

When the FBI turns off the temporary access systems, it could leave infected machines without access to the web.

It is estimated 20,000 of these machines are in the UK, according to the Telegraph.

In June, Facebook joined the DNS Changer Working Group (DCWG), aimed at cleaning up the malware.

As a result of Facebook's work with the DCWG, the social networking site said it is now able to notify users likely to be infected with DNS Changer malware and direct them to instructions on how to clean their computer or networks.

Facebook's decision to notify users who have infected computers follows a similar decision by Google, which started alerting users of DNS Changer infections in May.

Read more on Hackers and cybercrime prevention

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

 Sounds more like you have very, very little IT knowledge.


Comodo dragon browser allows you to use their DNS with the browser and also gives you the option for all of your internet activity to do the same.


IF this was connected to spying
it would seem to me the 350,000 PC's that were being directed through the FBI's "temporary access System" (sounds like a server to me) were being watched
it would seem this operation is over and they have found a better way to snoop on their terrorist watch-list which was reported to be  900.000 names long in 2008
or they have run out of OUR money to watch US

probably those new weather sattellites the EUSSR has just launched/is going to launch


I'm assuming the FBI are in control of the DNS servers being used by the infected users, so perhaps they should configure the interim system to direct infected users to a notification website telling them that they are infected. Then provide the user with removal instructions or even better provide an automated removal tool. 

Since I imagine the more skeptical users will immediately view it as a scam it would also be wise to provide some ready means of verification that it's genuine. Overriding the domains for some of the most popular sites would probably get the attention of most of the infected users..


Moz gym