‘Internet Doomsday’ virus fizzles, web traffic flows

BOSTON (Reuters): Fears that a computer virus might cut Internet access around the world appeared to be overblown on Monday after US authorities removed a safety net that had protected infected machines for months. Shortly after midnight EDT, the authorities cut off computer servers in New York City that had been put in place to direct traffic for infected computers, which would have been unable to access the Internet without their help.

 Some blogs and news reports had warned that the shutdown of the servers could trigger a potential “blackout” and described the malicious software as the ‘Internet Doomsday’ virus.

But that did not happen. “All quiet,” said Barry Greene, a security consultant who volunteers with the DNS Changer Working Group, an ad-hoc group of experts who teamed up to help fight the virus and educate the public about how to eradicate it.

The working group was using the incidence of service calls to Internet providers as a barometer for measuring the impact of the sever shutdowns.

As of Monday afternoon New York time, providers had seen no increase in call volume. “The outreach campaign has reached everyone humanly possible,” Greene said.Victims of the virus originally required assistance because the virus had changed settings on their PCs, diverting Internet traffic through rogue servers that showed them advertisements.

Police shut them down in November. Infected machines would have been unable to access the Web unless they were repaired, so authorities put the backup system in place as a stopgap measure.

 As of Sunday, the number of machines using the clean servers was down to 211,000, with about 42,000 in the United States, according to the FBI.

That is a tiny fraction of the world’s more than one billion Internet users, said research lab of anti-virus software maker Panda Security’s Technical Director Luis Corrons Granel. “Not a big impact,” he said.

The number of users who actually lost Internet service was likely far fewer than the 211,000 who accessed the temporary server on Sunday, said Hypponen, of F Secure.

That is because many Internet service providers, including AT&T Inc and Time Warner Cable, set up their own servers so their customers with infected machines could continue to access the Internet.

“It’s the 9th of July, and the Internet has not exploded into bits and pieces,” remarked one Twitter user.

The United States has charged seven people with orchestrating the worldwide Internet fraud. Six were arrested in Estonia, while the seventh, who was living in Russia, is still at large. Estonia has extradited two of the men to New York, where they appeared in Manhattan federal court.

The case is USA v. Tsastsin et al, US District Court for the Southern District of New York, No. 11-cr-878.