Early Monday morning, at least 40,000 computers infected with the DNSChanger malware lost their connection to the internet after the FBI shut down a temporary safety net for users connected to the infected servers.
DNSChanger malware alters the infected computer to prevent it from executing one of the most basic online functions. DNS (domain name system) servers translate an address, such as the guardiannews.com, to a numerical one, simplifying the web browsing process for the average computer user. Once the malware infects the host computer, users are redirected to fraudulent sites.
Going into this morning’s shutdown, the FBI estimated that nearly 42,000 unique IP addresses in the US were still infected with the virus with an estimated 211,000 IP addresses globally affected. However, IP addresses are not equitable to individual people or computers, so the amount of users infected was likely much higher than those numbers suggest.
At the infection’s peak, more than 575,000 IP addresses were infected with the DNSChanger malware. Yet court documents from November show that more than 4m computers worldwide were infected, at least 500,000 of which were in the US. This makes the number of people affected much more difficult to pin down, especially because they can’t share their frustrations on the internet (unless of course they have internet access on their phones or have access to another uninfected machine).