Malware puts 9,000 Canadian PCs at risk
Lights on an Internet switch are lit up with user activity in an office in Ottawa on February 10, 2011. THE CANADIAN PRESS/Adrian Wyld
MONTREAL - About 9,000 Canadian-owned computers could be infected and lose access to websites, email and social networking on Monday when the FBI shuts down temporary servers used to stop a scam, experts say.
Overall some 300,000 computers, most of them in the United States, Italy and India, could be infected and lose their Internet service, Queen's University associate professor Thomas Dean said Friday.
"The computer will start up, but when you try to use your mail or try to use your browser, you are going to get some kind of error message," Dean said from Kingston, Ont.
Warnings about the Internet problem have been splashed across Facebook and Google and Dean said that initially about four million computers were infected globally.
The FBI took down hackers last fall in an online advertising scam and had clean servers installed to take over from the malicious servers so that people wouldn't lose their Internet service right away, but the replacements are being turned off on Monday.
Dean said Canadians can go to www.dcwg.org to check if their computers are infected and take appropriate measures. He said Canadians may also have to check routers to see if they have been affected, too, and reset them.
"We've got roughly 9,000 computers that still appear to be infected," he said about the Canadian situation.
If computers have been infected due to the scam, they haven't been able to receive anti-virus software or system updates, leaving them vulnerable to other malware, said Dean, who teaches in Queen's University's department of electrical and computer engineering.
The DNSChanger Trojan malware program at issue was created to redirect Internet traffic and hijack online searches.
Symantec's Dean Turner said Eastern European and Russian hackers generated a profit of $14 million by setting up rogue servers and getting paid for driving traffic to malicious websites, and also for putting fake ads on top of real ads on legitimate websites.
"It was basically click fraud — hijacked searches," said Turner, director of global intelligence for Symantec, a software security company.
While Turner said it's difficult to predict how many infected computers would be in Canada, he said 9,000 wouldn't be "out of whack."
On Monday, infected computers will get a message saying "Cannot find this website," he said from Calgary.
"It would block all access to the Internet."
McAfee's Robert Siciliano said computer users who have no access on Monday may wrongly assume that their Internet service provider is having problems and flood them with calls.
"It will ultimately be a nightmare for customer service," said Siciliano, who specializes in online security at McAfee, another anti-malware security company.
ISPs may have to bring in tech support if they're inundated with calls, he said.
Bell (TSX:BCE) said it has been contacting customers by phone and email for some time about the potential problem.
The telecom company also has a webpage (http://www.bell.ca/malware) that explains the problem and directs consumers to the Canadian Internet Registration Authority's online diagnostic tool (www.dns-ok.ca).