Thousands may lose Internet access Monday

If you suddenly find on Monday that your computer can't access the Internet, you might be able to blame a gang of alleged cyberthieves from Estonia and the FBI.

In November, the FBI was part of an international effort to bust a ring that was charged with infecting millions of Windows-based personal computers with spyware that redirected requests for common Web pages to rogue sites. When officials took action, they also seized the servers that were handling those redirects.

Since then, the FBI has been running the seized systems as benign Domain Name System (DNS) servers, which translate the numeric designations for Internet sites into recognizable Web addresses. But on Monday, the FBI will turn them off, and the hundreds of thousands of computers that remain infected with the DNSChanger malware won't be able to access the Internet.

Chris Bronk, a fellow for IT policy at the James A. Baker III Institute at Rice University, said this is the first time the FBI has continued to run the servers seized from cyber criminals.

"It comes down to the public good," Bronk said. "Some federal agency has to step in and do this."

It could have been much worse. At its peak, the gang controlled as many as 4 million computers, 500,000 of them in the United States, according to the FBI. Because of the large number of infected machines, the FBI opted to continue running the servers.

Since then, the number of infected PCs has fallen to about 300,000, thanks largely to a massive education campaign and alerts posted by sites such as Facebook and Google.

At Google, for example, people who do searches with infected machines have been shown a warning along with their results if their PCs have the malware.

More information: Are you infected? You can check to see if your PC is infected by going to www.dns-ok.us. If your PC has the DNSChanger malware, you'll be provided links to resources to remove it.

Bronk said that even with alerts from Google and the publicity surrounding Monday's shutdown, there will be some computers that remain infected when the servers are turned off.

"There are oblivious computer users, or users who don't care, or the infected machines are sitting in a closet and no one looks at them," he said.

The DNSChanger seizure sets a new precedent, and Bronk said the FBI may not be the appropriate agency to handle this situation. The Department of Homeland Security also has jurisdiction over national computer security, he said, but there may be a need for a new agency dedicated to cyberissues.

dwight.silverman@chron.com blog.chron.com/techblog twitter.com/dsilverman