If you suddenly lose access to the Internet on Monday, don’t panic: it doesn’t mean that your PC has recently been infected with a virus or anything.
It just means that your PC was infected with a virus a long time ago, and the FBI has been helping to keep your infected PC online all this time.
Here’s what happened: A criminal enterprise created and unleashed a piece of malware called DNSChanger. In broad strokes, it interferes with all of your online activity by invisibly redirecting your Internet service to use the crime syndicate’s own set of domain name servers.
A domain name server is the trusted address book for every computer on the Internet. You ask the Web browser on your PC to take you to Suntimes.com. Your PC’s Internet service contacts a DNS, which tells your PC the numerical address of the Sun-Times’ web server, and then your web browser connects to that physical web server and opens the page.
DNSChanger forces an infected PC to use the criminals’ fraudulent DNS. As you can imagine, a fake DNS is like a fake phone book; it can trick your PC into going damned near anywhere without your ever being aware. It appears that the main scheme of DNSChanger was to redirect ad traffic and search results to sites that earned money for the scammers via referral links. But it also pulled worse tricks, such as re-routing URLs for Netflix, iTunes, and even the IRS to unrelated sites where the syndicate could reap kickbacks from established referral networks. The malware netted the enterprise more than $14M before it was shut down in October by the FBI and international law enforcement.
It’s a PC virus, but it can also modify the settings of your broadband router to use the rogue DNS so that the browser traffic of every computer and device on your network would be affected . . . including Macs, tablets, and phones.
Because DNSChanger infected so many computers — the FBI estimates half a million infections in the U.S. and about 4 million worldwide — and infected computers can only access the Internet through the criminals’ domain name servers, law enforcement decided to temporarily replace the criminals’ rogue domain name servers with legitimate ones, to keep those millions of users (many of whom were inside government agencies such as NASA) online.
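An added example, not part of the original article: a Python check that compares the DNS servers set on a PC and on the router against a list of rogue ranges, since the malware can change either one. The ranges and sample settings are constructed placeholders (RFC 5737 documentation addresses, not the real rogue servers), and the function names are this example's own.

```python
import ipaddress

# Placeholder ranges only: substitute the rogue ranges published by law enforcement.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample inputs: a PC's resolv.conf and the DNS servers set on a router.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 203.0.113.10
"""
SAMPLE_ROUTER_DNS = ["198.51.100.7", "198.51.100.200"]


def parse_resolv_conf(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(sources, rogue_ranges=ROGUE_RANGES):
    """sources maps a label (e.g. 'pc', 'router') to a list of resolver strings.
    Returns (label, resolver, matched_range_or_reason) for each suspicious entry."""
    findings = []
    for label, resolvers in sources.items():
        for raw in resolvers:
            try:
                addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
            except ValueError:
                findings.append((label, raw, "unparseable"))
                continue
            for net in rogue_ranges:
                if addr.version == net.version and addr in net:
                    findings.append((label, raw, str(net)))
    return findings


if __name__ == "__main__":
    sources = {"pc": parse_resolv_conf(SAMPLE_RESOLV_CONF), "router": SAMPLE_ROUTER_DNS}
    for label, resolver, reason in audit_resolvers(sources):
        print(f"{label}: DNS server {resolver} flagged ({reason})")
```

A clean PC behind a router that hands out a flagged DNS server is still affected, which is why both sources are checked.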