Virus could black out nearly 250,000 PCs

BOSTON Fri Jul 6, 2012 5:02am IST

Backlit keyboard is reflected in the screen of a computer in Warsaw February 6, 2012. REUTERS/Kacper Pempel/Files

Backlit keyboard is reflected in the screen of a computer in Warsaw February 6, 2012.

Credit: Reuters/Kacper Pempel/Files

Related Topics

Stocks

   
Rajalakshmi (C), 28, smiles after winning the Miss Wheelchair India beauty pageant in Mumbai November 26, 2014. REUTERS/Danish Siddiqui

Miss Wheelchair India

Seven women from across India participated in the country's second wheelchair beauty pageant, which aims to open doors for the wheelchair-bound in modelling, film and television, according to organisers  Slideshow 

BOSTON (Reuters) - About a quarter-million computer users around the world are at risk of losing Internet access on Monday because of malicious software at the heart of a hacking scam that U.S. authorities shut down last November.

Some blogs and news reports hyped the risk of an outage, warning of a potential "blackout" and describing the Alureon malware as the "Internet Doomsday" virus.

Yet experts said only a tiny fraction of computer users were at risk, and Internet providers would be on call to quickly restore service. They said they considered the threat to be small compared with more-prevalent viruses such as Zeus and SpyEye, which infect millions of PCs and are used to commit financial fraud.

As of this week, about 245,000 computers worldwide were still infected by Alureon and its brethren, according to security firm Deteque. That included 45,355 computers in the United States.

The viruses were designed to redirect Internet traffic through rogue DNS servers controlled by criminals, according to the FBI. DNS servers are computer switchboards that direct Web traffic.

When authorities took down the rogue servers, a federal judge in New York ordered that temporary servers be kept in place while the victims' machines were repaired. The temporary servers will shut down at 12:01 a.m. EDT (0401 GMT) on Monday, which means the infected PCs that have not been fixed will no longer be able to connect to the Internet.

Some U.S. Internet providers, including AT&T Inc (T.N) and Time Warner Cable (TWC.N), have made temporary arrangements so that their customers will be able to access the Internet using the address of the rogue DNS servers.

Information on how to identify and clean up infections can be found on a website that a group of security firms and other experts set up: www.dcwg.org.

"It's a very easy one to fix," said Gunter Ollmann, vice president of research for security company Damballa. "There are plenty of tools available."

Many of the machines that remain infected are probably not in active use since most victims were notified of the problem, said security expert Johannes Ullrich, who runs the Internet Storm Center, which monitors Web threats.

The United States has charged seven people for orchestrating the worldwide Internet fraud. Six were arrested in Estonia, while the seventh, who was living in Russia, is still at large. Tallinn has so far extradited two of the men to New York where they appeared in Manhattan federal court.

The case is USA v. Tsastsin et al, U.S. District Court for the Southern District of New York, No. 11-cr-878. (Reporting by Jim Finkle in Boston; Additional reporting by Basil Katz in New York; Editing by Lisa Von Ahn)

FILED UNDER:

Online Grocery Shopping

REUTERS SHOWCASE

Vodafone Tax Dispute

Vodafone Tax Dispute

India advised against challenging Vodafone tax ruling - source  Full Article 

Banking Sector

Banking Sector

India's laggard state lenders face tough sell on capital raising plan  Full Article 

Trade Deal

Trade Deal

WTO postpones trade deal by a day after last-minute objection.  Full Article 

Falling Oil Prices

Falling Oil Prices

Saudis signal no push for oil cut as market to "stabilise itself"  Full Article 

Raising Stake

Raising Stake

Nippon Life to raise stake in Reliance Capital fund unit  Full Article 

Sterilisation Camps

Sterilisation Camps

Sterilisation targets remain in all but name, critics say  Full Article 

Share Buyback

Share Buyback

Samsung Electronics to buy back $2 billion in shares  Full Article 

Microsoft in China

Microsoft in China

Microsoft to pay China $140 million for 'tax evasion'   Full Article 

Flashback: 26/11

Flashback: 26/11

The three-day attack in November 2008 left 166 dead.  Slideshow 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage