Australians face web blackout from Monday

Internet users world wide are facing an internet blackout from Monday.
Internet users world wide are facing an internet blackout from Monday.

Follow @BgoAddy


TEN thousand Australian internet users are among four million worldwide who face a total internet blackout from July 9 thanks to a malicious piece of software that infected their computers without their knowledge.

That is the warning to Australian internet users from the Australian Communications and Media Authority, which today issued a statement appealing to internet users to check if they were infected.

The communications regulator, together with other government agencies, has set up the website for web users to check their computer for the malicious software and remove it if necessary.

The web blackout from July 9 will be enforced by the US Federal Bureau of Investigation (FBI), which is shutting down a number of web servers through which infected users' web request traffic has been travelling. It's shutting them down following an investigation into a sophisticated internet fraud ring which used the servers to manipulate people's web browsing.

The malicious software, or malware, changes a user's Domain Name System (DNS) settings on their computer, diverting all web requests through servers the FBI seized in November but has been temporarily maintaining to ensure internet services were not disrupted. This maintenance will finish on July 9, meaning computers still infected will face internet troubles.

"It is likely that users infected ... will be unable to connect to the internet when the temporary DNS solution is switched off," the website states.

Bruce Matthews, manager of the ACMA's e-Security division, said since November last year the watchdog had seen more than 10,000 Australian internet users infected with the "DNSChanger" malware.

Mr Matthews said that the ACMA worked with Australian internet service providers to try and reduce the number of infected users since it knew about the malware but said the number had only been reduced by a few thousand since November.

He said the way in which users were most commonly infected by the malware included opening malicious attachments in emails and visiting suspect websites through links included in an email.

Paul Ducklin, of security firm Sophos in Australia, said users may have been infected by the malware in the past and removed it but could still face issues on July 9 if they didn't change their DNS settings.

"So it's important to remember that even if your anti-virus gives you a clean bill of health about malware infection, you might nevertheless still be affected by a lingering side-effect of the malware," he said.