Mumbai: The impact of the malicious software DNSChanger, which had been due to hit thousands of computer users worldwide on Monday, is yet to be gauged. The full extent of the damage caused by the malware will be known only in the next 24-48 hours, computer security experts said.
India is the third largest among affected countries, with more that 21,000 Internet protocol (IP) addresses infected, according to the DNS Changer Working Group (DCWG)—a group of security firms and other experts, including members from the US National Cyber-Forensics and Training Alliance.
The US has the most number of infected computers at 69,617, followed by Italy with 26,494 infected systems. Domain Name System (DNS) settings convert domain names (www.xyz.com) into numerical addresses for computers, which talk in ones and zeroes, to understand each other. DNSChanger virus modifies the names, and without DNS and DNS servers operated by Internet service providers (ISPs), computer users will not be able to use the Internet. DNS servers are computer switchboards that direct Web traffic.
“As of now, various unconfirmed reports indicate a few thousand machines have been infected in India due to DNSChanger and its variants,” said Altaf Halde, managing director, Kaspersky Lab, South Asia. “Clean-up is going on, backed by leading industry aggregated members, including ISPs and security firms, and the infection numbers are getting reduced.” The malware and its variants such as Shadowbot have been in existence since 2007. Much of the cleaning up has already taken place and the number of computers infected has dropped. Security firm RSA, a division of EMC Corp., said on 7 July the Internet shutdown will only impact a small percentage of the world’s actual Internet user population since many took preemptive action in the March-July period. “We have no update at this point of time,” said an RSA spokesperson.