DNSChanger may see 500,000 Internet users go offline today

Up to half a million people could see their computers go offline today, as the US continues to grapple with the DNSChanger malware that has been infecting computers since 2007.

The FBI is taking down the DNS servers used by Estonian cyberthieves as it seeks to end the scam for good, having seized control of the hackers system in November last year. But this will see hundreds of thousands of users blocked from the Internet today, as the lookup systems of the affected computers will try to connect users to the servers being taken down – meaning attempts to connect to any site will fail.

Those taken offline are encouraged to call their ISPs to fix the problem, which will involve changing settings on their computer. Estimates of those affected around the world range from 300,000 in the Guardian to 500,000 on Mail Online.

The operations of the DNSChanger are alluded to in its name. By changing settings on the victim’s PC, the malware makes the user automatically adopt the DNS (domain name system) servers of the Estonian perpetrators to look up addresses, rather than the user’s ISP. This diverts the affected computers to advertising sites instead of the ones requested, and the scam has earned the hackers an estimated £8.7m since its creation in 2007.

The number of affected users has been falling steadily, but hundreds of thousands have been successfully targeted worldwide, with as much as 12 per cent of the top 500 US companies said to have PCs or Macs infected by the malware.

Warnings of the server take-down emerged in April but many are expected to have missed the alert and will find themselves offline today. It was predicted at the time that around 20,000 of those affected by the DNSChanger are from the UK.