There are affiliate links on this page.
Read our disclosure policy to learn more.
Translate this page to any language by choosing a language in the box below.
FBI Warning: Is Your Computer Infected? Find Out, With the FBI's Free Tool
FBI Warning: Is Your Computer Infected? Check Before July
2012
The FBI ran "Operation Ghost Click" to take down an international Cyber Ring that infected millions of computers back on November 9, 2011, but you still need to check your computer to see if it is infected BEFORE JULY 2012. The FBI is warning all users of computers that connect to the internet that they may be infected. If you are infected, and do not check and clean before July 2012, you will no longer be able to connecty to the internet, the FBI says. The FBI has a free tool to do that at http://www.dcwg.org/. Juct click on this link, then click the "detect" button there and follow the simple instructions to find out if you have been violated and infected with DNS Changer. There is a free tool to fix it, if your computer is infected.
Background
Six Estonian nationals were arrested inlate 2011 and charged with running
a sophisticated Internet fraud ring that infected millions of computers
worldwide with a virus and enabled the thieves to manipulate the
multi-billion-dollar Internet advertising industry. Users of infected
machines were unaware that their computers had been compromised'or that the
malicious software rendered their machines vulnerable to a host of other
viruses.
The indictment, said Janice Fedarcyk, assistant director in
charge of our New York office, 'describes an intricate international
conspiracy conceived and carried out by sophisticated criminals.' She added,
'The harm inflicted by the defendants was not merely a matter of reaping
illegitimate income.'
Beginning in 2007, the cyber ring used a class
of malware called DNSChanger to infect approximately 4 million computers in
more than 100 countries. There were about 500,000 infections in the U.S.,
including computers belonging to individuals, businesses, and government
agencies such as NASA. The thieves were able to manipulate Internet
advertising to generate at least $14 million in illicit fees. In some cases,
the malware had the additional effect of preventing users' anti-virus
software and operating systems from updating, thereby exposing infected
machines to even more malicious software.
'They were organized and operating as a
traditional business but profiting illegally as the result of the malware,'
said one of our cyber agents who worked the case. 'There was a level of
complexity here that we haven't seen before.'
DNS'Domain Name
System'is a critical Internet service that converts user-friendly domain
names, such as www.fbi.gov, into numerical addresses that allow computers to
talk to each other. Without DNS and the DNS servers operated by Internet
service providers, computer users would not be able to browse websites or
send e-mail.
DNSChanger was used to redirect unsuspecting users to
rogue servers controlled by the cyber thieves, allowing them to manipulate
users' web activity. When users of infected computers clicked on the link
for the official website of iTunes, for example, they were instead taken to
a website for a business unaffiliated with Apple Inc. that purported to sell
Apple software. Not only did the cyber thieves make money from these
schemes, they deprived legitimate website operators and advertisers of
substantial revenue.
The six cyber criminals were taken into custody
yesterday in Estonia by local authorities, and the U.S. will seek to
extradite them. In conjunction with the arrests, U.S. authorities seized
computers and rogue DNS servers at various locations. As part of a federal
court order, the rogue DNS servers have been replaced with legitimate
servers in the hopes that users who were infected will not have their
Internet access disrupted.
It is important to note that the
replacement servers will not remove the DNSChanger malware'or other viruses
it may have facilitated'from infected computers. Users who believe their
computers may be infected should contact a computer professional. They can
also find additional information in the links on this page, including how to
register as a victim of the DNSChanger malware. And the FBI's Office for
Victim Assistance will provide case updates periodically at 877-236-8947.
For the source page for this information, see: http://www.fbi.gov/news/stories/2011/november/malware_110911
For a comprehensive list of national and international agencies to report scams, see this page.