Is malware scare much ado about nothing? - The Union Leader

Federal officials predict tens of thousands of Americans may lose access to their Internet service Monday if they don’t wipe clean their computers of a virus that may have infected them more than a year ago.

In New Hampshire, however, officials and computer repair experts instead believe Jimmy Buffett more accurately summed up the situation back in 1974, singing “Come Monday, it’ll be all right.”

“I think for most people, their computers have been cleaned up, and they didn’t even know it was happening,” said Robert Tarket, owner of Rx Computers in Rochester, a computer repair specialty store. “I don’t expect this to be a big deal. By now, any anti-virus software worth its salt would have detected this and gotten rid of it.”

The “this” Tarket refered to is DNSChanger malware, the chief villain in the “Malware Monday” scenario government officials warn may play out Monday on laptops and desktops across the country. Despite warnings about the possible looming loss of Internet service provider access, the FBI estimates about 277,000 computers worldwide â€" and 64,000 in the United States â€" are still infected with the malware.

Late last year, the FBI arrested six Estonian nationals on charges they ran a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus that enabled the men to manipulate the multibillion-dollar Internet advertising industry. Users of infected machines were unaware their computers had been compromised or that the malicious software rendered their machines vulnerable to a host of other viruses.

Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect about 4 million computers in more than 100 countries. According to an FBI release, there were about 500,000 infections in the United States, including computers belonging to individuals, businesses and government agencies such as NASA. The thieves were able to generate about $14 million in illicit fees by manipulating Internet advertising.

Soon after making the arrests, FBI agents realized that if they were to shut down the group’s servers that were controlling computers, every one of the victims of the scam would lose their Internet service. Instead, the feds created the DNS Changer Working Group, or DCWG, to set up two clean Internet servers, to allow those with infected computers uninterrupted access to their service providers.

Those servers will be shut off at 12:01 a.m. Monday.

“Any computers still infected with DNSChanger will be unable to translate Web addresses into IP addresses and access their providers,” said Bill Rogers, commissioner of the New Hampshire Department of Information Technology.

Rogers, whose department manages and coordinates all technology resources in the executive branch of state government, said most Internet users should not have a problem connecting Monday.

“I’m not hearing too much concern about it,” said Rich Mattos, owner of Tech Pros in Berlin. “About 60 percent of our business involves getting rid of viruses, and I’ve heard from a few customers about this recently, but most don’t seem worried.”

“I know they say about 64,000 computers in the U.S. are infected, but I think that has to be a worst-case scenario,” said Vincent Kasem, owner of ACE Computer and Electronics in Manchester. “I don’t think it’s going to be a big deal.”

To check whether a computer is infected, consumers are encouraged to visit a website advertised by the FBI, http://www.dcwg.org.

, before 12:01 a.m. Monday. The site includes links to sites that will quickly determine whether a computer is infected and give instructions to help individuals check their own computers.

For anyone who is cut off from accessing the Web on Monday morning, all three computer repair store owners said their respective businesses, or ones like them, could quickly solve the problem. Consumers could also call their Internet provider for help.

- - - - - - - -

Paul Feely may be reached at pfeely@unionleader.com.