Cyber-criminal case may affect Internet access

Information Services was able to scan most UMMS-issued computers and confirm none of them has been impacted by a “DNS changer malware virus.” Employees who experience an inability to connect to the Internet after July 9 should contact the UMMS Helpdesk at UMWHelpdesk@umassmed.edu or 6-8643 so that a desktop technician can resolve the issue.

To verify that a home computer has not been affected, follow the instructions on the DNS Changer Working Group site: www.dcwg.org.

“We recognize people have non-UMMS issued computers that may be vulnerable,” noted Dan Jones, Information Security Officer. “As a precaution, we recommend that our users confirm their home computers have not been impacted. By checking this before July 9, users can ensure their Internet connectivity will remain uninterrupted.”

The problem is related to a little-known international criminal case called “Operation Ghost Click.”

The case involves cyber criminals from Estonia, who were arrested in November 2011 for creating the DNS changer malware. This malware alters a computer’s domain name system (DNS) settings so that a victim’s Internet traffic (online purchases, credit card numbers, etc.) is sent through malicious systems and captured, allowing a criminal syndicate to later use the stolen information.

Because an unknown—potentially massive—number of computers were infected with the virus, the FBI authorized the Internet Systems Consortium to operate and maintain temporary “clean” DNS servers to allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines. This FBI-sponsored service will be shut down on July 9, and may cause problems for systems that are still infected with the botnet.