Remember: Internet Doomsday to wreak havoc on PCs on 9 July

22 Jun 2012

Internet users face losing their connection with the internet on 9 July due to their computers being infected with the DNSChanger Trojan, Irish security organisation IRISSCERT has warned.

In April, we reported how on 9 July the FBI is threatening to pull the plug on a server that is costing them too much but which protects more than 300,000 computers worldwide infected by an insidious piece of malware.

The malware that is understood to have infected 500,000 PCs and Macs originated with an Estonian crime gang the FBI broke up in November.

It is understood that the cyber security team at Trend Micro’s operations in Cork played a key role in ‘Operation Ghost Click’ to help apprehend several individuals in Estonia and Russia.

These cyber-criminals manipulated internet websites and advertising to generate at least US$14m in illicit fees. Using malware known as DNSChanger, the scammers redirected users to rogue servers, which sold fake pharmaceuticals and security products, among other items.

The virus first emerged in 2007 and hijacked computers without users’ knowledge and generated fraudulent clicks on ads.

Infected computers need to be fixed ASAP

IRISSCERT explained DNS – domain name system – is a critical internet service that converts user-friendly domain names, such as, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by internet service providers, computer users would not be able to browse websites or send email.

IRISSCERT says it is aware that a number of Irish PCs are still infected with the DNSChanger and could be effectively disconnected from the internet on 9 July.  

It urges people to check and ensure their PCs are not infected with the DNSChanger Trojan. To check if your PC is infected, IRISSCERT recommends you visit the website of the DNSChanger Working Group, which has a step-by-step guide to check if your PC is infected and instructions on what to do if it is infected.

Andy Whelan, spokesperson for IRISSCERT, said: “On a daily basis we see a large number of PCs in Ireland that are infected with the DNSChanger Trojan and we are concerned that come July 9th they will no longer be able to browse the Internet. We urge people to go to the website of the DNSChanger Working Group to determine if their PC is affected and to follow the steps outlined to fix their computer if they are.

“We would like to remind everyone that prevention is better than the cure and people should take some rudimentary steps to protect their computers by:

  • Using reputable anti-virus software
  • Ensuring their anti-virus software is working and up to date
  • Keep their computer systems and software up to date with the latest software patches
  • Not clicking on links or attachments in emails unless absolutely sure they are genuine
  • Using strong passwords on their systems and for any websites that they use.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years