An estimated 330,000 people are going to lose Internet access on Monday, but it’s unlikely that they haven’t already been warned. Google, Facebook and many ISPs have been sending out alerts to users who appear to be infected with a malware Trojan known as DNSChanger.

To verify any particular computer’s status, users should visit or (for the United States and Canada, respectively) for an automatic checkup. Additional countries and further information can be found at the DNSChanger Working Group’s site.

DNSChanger redirects infected computers through evildoer’s servers, enabling the criminals to commit advertising fraud and steal valuable data like credit card numbers. The FBI and its international counterparts temporarily replaced the shut-down sinister servers rather than letting everyone go dark, giving everyone an opportunity to rid themselves of the infection. That assistance ends on July 9.

At its height, more than 4 million computers were infected with DNSChanger. In June, IID reported that computers at 12 percent of Fortune 500 companies still had not been cleaned up, meaning they may well go dark on Monday.

The alleged criminals behind the malware are estimated to have snared $14 million through the cyber-deception, operating under the company name Rove Digital. The indictment in the case of the United States v. Vladimir Tsastsin, et. al, 11 Cr. 878 is posted below.

Related links:

DNSChanger Working Group –

FBI – Operation Ghost Click

Southern District of New York – United States v. Vladimir Tsastsin

Image by Flickr user AZRainman, used under Creative Commons license


Rove Digital Indictment