Will You Be Affected By ‘Malware Monday’?

Computer security experts are warning users that their machines could be unknowingly infected with malware that will make it impossible for them to use the Internet starting next week:

Thousands of computer owners may find it impossible to reach the Internet on Monday despite an unprecedented campaign by a coalition of tech security groups and the online giants Google (GOOG) and Facebook, which have sought to warn people about the malicious software known as DNSChanger.

It’s unclear how many computers are still infected with the software. But experts believe the extraordinary outreach by law enforcement, computer security experts and big Internet companies has whittled the number down from more than 500,000 to less than 70,000 in the United States since the FBI busted the East European crooks behind the malware scheme last fall.

Because some users still don’t know their computers have the malware, experts are urging people to run a diagnostic test offered by several legitimate security sites before Monday.

That’s when authorities plan to shut down a temporary server network, operated under an unusual arrangement between federal authorities and a nonprofit group, that allowed infected machines to continue visiting the Internet after the FBI broke up a crooked advertising operation that was hijacking those computers and sending them to bogus or unauthorized websites.

Some tech writers are dismissing the attention that this story is getting in the press, claiming it’s being overhyped. Perhaps. However, this is one of those things that likely could have slipped past even the most aggressive virus protection and firewall, so it’s worth checking to see if you’ve been impacted just in case. If you’d like to do that, here’s how to do it:

You can check to see whether your computer is infected by clicking on this link, which is run by DCWG.

If the page is green, you’re in the clear. If it’s red, your computer is infected.

On Thursday the site got 2 million hits, but very few of those computers were infected, DCWG volunteer Barry Greene told ABCNews.com.

Google and Facebook say they have also set up notifications for infected users. If you type in a search term and see a message that says, “Your computer appears to be infected” at the top of your screen, guess what. Your computer is infected.

Comcast, AT&T and Verizon are among the other organizations notifying customers if they have infected machines.

Important: According to DCWG, you should not need to scan, make changes or download anything to tell whether your computer is infected.

The good news is DCWG has put together a page of trusted tools and a step-by-step guide for how to fix your computer.

The bad news is it can take a day or two actually to fix the problem, Greene told ABCNews.com. That’s because the malware is in a deep section of the hard drive called the “boot sector.”

“The malware problem out there is nasty, and it’s impacted society on multiple levels,” Greene said. “It’s extremely hard to get rid of. In most companies, if they get infected with it, they throw away the hard drive.”

If you can’t do that, follow the instructions. They include backing up your files and reinstalling your operating system.

Hopefully it won’t come to that. In any case, check it if you feel you need to. After all, I’d hate to think any of you might miss out on OTB’s fine content next week.

Doug Mataconis

Comments

  1. mantis says:

    However, this is one of those things that likely could have slipped past even the most aggressive virus protection and firewall

    Actually, that’s extraordinarily unlikely. If you have antivirus software, chances are extremely high that if your computer ever had the virus, it has been eradicated (but you should still click the link and check for sure).

  2. @mantis:

    One would hope you’re right. Of course, even now there are a lot of casual Internet users who don’t exactly keep on top of security issues and updates to their security software, assuming they have it installed.

    Heck, a few months ago, I was trying to help a friend resolve a WiFi problem when I realized that they had their network completely open and unprotected, and this is a non-techie person who had no idea what I was talking about when I tried to explain why this was a bad idea.

  3. mantis says:

    @Doug Mataconis:

    Trust me, I hear you, but that would be more like:

    However, this is one of those things that likely could have slipped past even the most aggressive virus protection and firewall users who don’t know enough or are too lazy to keep their systems protected with simple software.

    Just sayin…

  4. @mantis:

    Part of me wants a law banning anyone who loses internet access on Monday from getting it back. Given how much this has been in the news for three or four months now, if you still get caught by it, you’re obviously not ready for the responsibility of having internet access, and the rest of us will be better off without your malware-riddled box messing up the network for everyone else. 😉

  5. ernieyeball says:

    @Stormy Dragon: Yeah and we oughta’ take away the drivers license from anyone who ever ran out of gas too. Sittin’ on the side of the road creating a hazard…the nerve!!!

  6. matt says:

    @mantis: I wouldn’t say that’s true at all. I had a machine a couple days ago where the virus actually infected the MBR on the drive itself. All standard scanners couldn’t see it or couldn’t do anything about it. The owner had McAfee virus protection installed and up to date.

    To fix it I ended up having to put it in my Linux box so I could copy his important files off the drive without risk (scanned of course). At the request of the owner I then did a complete format of the drive before re-installing his OS.

  7. mantis says:

    I wouldn’t say that’s true at all. I had a machine a couple days ago where the virus actually infected the MBR on the drive itself.

    Ugh. I didn’t know there was an MBR variant. How did you even detect it, or was it his ISP?

  8. Ron Beasley says:

    I have Comcast and they have been very proactive on this, sending both emails and snail mail notifications to customers. The virus scans and the MS malware scan have been pretty effective since the figure there are only 277,000 computers in the US that are infected. There are more computers than that in my small city.

  9. Ron Beasley says:

    Off topic, sort of:
    I am running Windows 7. When I turned off my computer last night all was well – when I turned it on this morning all was not well. I went to the web first and the fonts were all messed up – at many sites the fonts were all italic and in some cases bold italic. It was the same in all web browsers and Excel. I did a Google search and found I am not the first one to have this problem, which is that certain fonts simply disappear. Arial regular, Georgia regular and Verdana regular were no longer there. I had to go to another computer and copy the missing fonts onto a thumb drive and reinstall them on my main computer. There may be others missing but they haven’t bothered me yet. The only thing that happened was Norton did a system scan last night that included a registry scan.

    Has anyone else had this problem?
    OTB was really messed up!

  10. al-Ameda says:

    ran the link to the test …. Green!

  11. matt says:

    @mantis: The virus I was dealing with wasn’t this one. I figured out something was wrong because the machine was still acting up after doing a typical cleaning job. The persistence of the virus install is actually what convinced me it was hiding in the MBR. I ended up being forced into using a special program to check the MBR itself and that’s when it was confirmed that the MBR was modified. At that point is when I told the client that his hard drive was infected and even a regular format wouldn’t get rid of it. The client requested I recover some personal pictures and data first. So that’s why I tossed it in a Linux box so I could grab the files he required without risking my unit.

    I’m still not sure how this virus made it past the McAfee install considering it was active and up to date. McAfee tends to be a pretty good anti-virus company. Reasons like this are why I run multiple scanners weekly on all my machines. When cleaning clients’ systems I also utilize at least three virus scanners to ensure I have complete coverage of possible holes. I’ve had stuff slip past two of the scanners only to be caught by the third.

  12. ernieyeball says:

    @al-Ameda: How long did it take?