International hackers ran an online advertising scam designed to infect and take control of computers around the world. The FBI responded to the threat by setting up safety measures using computers procured by the government. The measures were designed to avoid disrupting infected computers. But by July, the FBI plans to shut down the system and is calling on users to visit a website run by its security partner where they can determine whether they have been infected and learn how to fix the problem if they have been.
July 9 is the deadline for Internet users with infected computers to visit the website and learn how to clean their computers. After July 9, all infected computers will be unable to connect to the Internet.
However, most victims of the hacker scam do not even know that their computers are infected, though the malicious software might have slowed down their web surfing, disabled their antivirus software and exposed their machines.
According to the Associated Press, last November, the FBI was investigating a hacker ring running an Internet scam on a massive scale by taking over infected computers. According to Tom Grasso, FBI supervisory special agent: "We started to realize that we might have a little bit of a problem on our hands because... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service. The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."
reports that before members of the hacker ring were arrested, the FBI invited Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to replace the impounded rogue servers that infected computers were hooked to. The FBI planned to keep the servers online until March to allow everyone time to clean their computers. But because more time was needed, a federal judge in New York extended the deadline until July. Grasso explained: "The full court press is on to get people to address this problem."
According to the FBI, the hackers infected a network consisting of probably more than 570,000 computers worldwide. They exploited vulnerabilities in the Microsoft Windows operating system to install malicious software on victims' computers. The malicious software disabled antivirus updates and modified the way computers resolved website addresses through the Internet's domain name system (DNS).
The malicious software reprogrammed infected computers to use rogue DNS servers owned by the hackers, allowing the hackers to redirect computers to fraudulent versions of websites. According to AP, the hackers made profits from advertisements on websites that victims were redirected to and earned about $14 million. But the scam also hooked thousands of machines on the rogue servers. When the FBI and their collaborators arrested six Estonians last November, the rogue servers were replaced by Vixie's. Running the substitute servers has cost the federal government about $87,000.
The FBI says it organized the system to avoid giving the impression of government intrusion into people's privacy. According to the FBI, while this is the first time it has used this system, it will not be the last. Eric Strom, the FBI's Cyber Division unit chief, said: "This is the future of what we will be doing. Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."