Some of you may be seeing warnings about the internet ending within the next day. Many of the news stories are vastly overblown, so in the interest of sanity, here are some facts:
- This all started several years ago, when malware was released that modifies the computer's DNS settings to use custom servers. DNS is like the internet's phonebook -- your computer looks up the name of a site like google.com and gets back a number to connect to. The malicious DNS servers would return bad information, which the malware authors could use to hijack connections and make millions of dollars.
- On November 8, 2011, the FBI, in cooperation with Estonian law enforcement, arrested 6 people involved in the scheme. As part of the arrest, the malicious DNS servers were impounded. But without those DNS servers, all the infected machines might stop working. To avoid "breaking the internet" for those users, a court order allowed replacement servers to be run on a temporary basis, giving time for ISPs to inform their infected users so they could be cleaned and avoid problems.
- This was very difficult malware to clean, as it could also infect the home router if it used a default password, thereby affecting even mobile phones that use the wireless network. Human nature is to procrastinate, so after 8 months of warnings from ISPs, Google, and Facebook, around half the machines are still infected. Those users may face a slow or broken internet in the coming hours.
- I estimate half a million devices will break, across hundreds of thousands of homes. This may sound like a lot, but your chances of being affected are actually quite slim -- less than one in a thousand. And if you haven't seen a warning at the top of your Google search results, then they're even more slim. (If you have seen the warning, please take it seriously! The Google warning will go away once you're clean.)
Please spread the word to anyone who might be concerned. I'll be happy to answer any questions you might have.