Isn’t it interesting that when there’s an urban legend — one of those stories that is completely false or only partially true — it spreads like wildfire via forwarded emails to everyone you know?
But then sometimes information that is truthful doesn’t make the rounds as quickly?
That’s what happened last week — and the subject actually could have been seen as just as “alarmist” as some of those fake forwarded emails. Millions of users could have lost their Internet service this past Thursday because of a computer problem, but a last-minute extension delayed it for another four months.
In fact, I didn’t hear about the threat until Steven Sundermeier, president of the Medina-based Internet security firm ThirtySeven4 LLC, contacted me late Tuesday night by email to tell me about some free tools his company had created to help people.
In what sounds like a plot from a blockbuster movie or best-selling novel, the FBI last November arrested and charged six Estonian nationals with running a sophisticated Internet fraud ring that infected millions of computers worldwide with malware, which is basically a program designed to gather your financial information or to trick you into sharing information or simply to cause havoc.
The malware, called “DNSchanger,” enabled the thieves to manipulate the multibillion-dollar Internet industry.
Users of infected machines were unaware their computers had been compromised — or that the malicious software rendered their machines vulnerable to a host of other viruses.
As of last week, reports said at least 94 of all Fortune 500 companies and three of 55 major governmental agencies still had at least one PC or router infected with the DNSchanger. That’s on top of hundreds of thousands of residential computers in the United States that probably are infected.
DNS is short for “Domain Name System” and is a critical Internet service that converts user-friendly domain names, like www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and DNS servers operated by Internet services,0 computer users would not be able to browse websites or send email.
To most computer users, DNS is a behind-the-scenes thing they don’t think about.
The “DNSchanger” malware was used to redirect unsuspecting users to rogue servers controlled by cyber thieves, allowing them to manipulate users’ Web activity. According to the FBI, when users of infected computers, for example, clicked on iTunes, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. The FBI said that not only did the cyber thieves make money from these schemes, but they also deprived legitimate website operators and advertisers of substantial revenue.
After the Estonians were taken into custody, U.S. authorities got a federal court order to temporarily replace the rogue DNS servers with legitimate servers in hopes that users who were infected would not have their Internet access disrupted.
That temporary “fix” last November was to expire March 8. Federal authorities received a four-month extension last week, making the next date July 8.
While the replacement servers were put into place temporarily, that doesn’t solve the underlying problem. Owners whose computers have been infectedwith the DNSchanger malware need to make changes to fix the problem.
Fixes and tools
Sundermeier, with ThirtySeven4, said last week he put all of his employees on the case to come up with fixes and tools for users.
You might recall Sundermeier’s company in the past has offered readers a discount on its Android antivirus program. Several years ago, at his former employer, he offered readers a free year of antivirus protection.
ThirtySeven4 has a free detection tool on its website at www.thirtyseven4.com/dnschanger.html.
Users can download the tool from that website, which will tell you whether your computer has the DNSchanger. If it comes back clean, you are fine. If it comes back saying you have the malware, then there are instructions for what to do to make the fix.
ThirtySeven4 has gone one step further in offering the fix for you in its 30-day free trial of the antivirus. Instead of clicking on the manual instructions, you should go back to www.thirtyseven4.com/downloads.html for the 32-bit version and run it.
ThirtySeven4 always offers a free 30-day trial for its antivirus program, which would clean your machines and protect them from future attacks. The fix will happen as soon as the download happens and it is not necessary to keep the trial after the 30 days, though Sundermeier as a business person hopes you will, of course. However, the company is offering the checking tool and 30-day trial as a service to computer users to fix this problem, he said.
Sundermeier said he believes ThirtySeven4 is one of the only companies that has created a program in its antivirus to make the DNS alterations to redirect the DNS to a temporary Google public access account.
ThirtySeven4 also recommends after you make the fix that you call your Internet service — for instance, Time Warner if you have Roadrunner — to see if there’s anything else you need to do.
Free detection
If you have an antivirus program on your computer, you can still use the free detection tool to see if your computers have the malware, but if you want to use the 30-day trial of ThirtySeven4’s antivirus program to fix the problem, you first would have to uninstall your antivirus program, run ThirtySeven4’s program and reinstall your program, Sundermeier said.
A link to instructions for manually changing the DNS address will show up if the detection tool finds the DNSchanger and you have your own antivirus and want to do it yourself without uninstalling and using Thirty- Seven4’s product. If you’re more tech-savvy, you might feel more comfortable with that, but most users probably won’t and should let the free version do the work for them.
Sundermeier suggests using the detection tool to check every computer and laptop in your home.
If you have an antivirus program on your computer and have always kept it up to date, the chances are slimmer that your computer was infected with this malware.
“The best solution to ward off vicious attacks in the future is for consumers to make sure that they go with a reputable antivirus provider and that their protection is up to date,” Sundermeier said.
It takes only a few minutes to run ThirtySeven4’s free detection tool to see whether your computer is infected, so it’s well worth the time.
Sundermeier said if readers have more questions, they can email the company at support@thirtyseven4.com.
Betty Lin-Fisher can be reached at 330-996-3724 or blinfisher@thebeaconjournal.com. Follow her on Twitter at www.twitter.com/blinfisher and see all her stories at www.ohio.com/betty.
