An extension granted in March for the DNS servers run by the Internet Systems Consortium for victims of the DNS Changer malware expires in less than a week. After the FBI disconnected the ESThost/Rove Digital “rogue” DNS infrastructure in New York and Chicago as part of operation “ghostclick”, ISC has acted under a custodial court order to install and maintain legitimate DNS servers for affected users. The contract to maintain these clean DNS servers is set to expires on July 9.

The DNS Changer Working Group (DCWG) estimates that more than 350,000 users are still affected by DNS changer virus. Unlike the previous shutdown date in March – which was put off by a federal court – there will be no extension this time. There are various checkup sites as well as one by Google where you can check to see if your computer is infected.

Users who ignore these warnings face being cut off from the entire Internet once the court order expires on July 9.

Six Estonians (editor's pun.. living in Estonia does not make you Estonian), were using an ostensibly legitimate front company to organize a sophisticated system of false DNS servers. These servers then sometimes redirected the web browsers of computers infected with the “DNSChanger” virus to sites of the hackers' own choosing. (more pun..Ever wonder how you landed at that Apple store in China)

Rove Digital is accused of making money from the infected computers by receiving 'per-click' revenue from advertisers, the normally legal method that rewards sites that refer users to sites being advertised, according to the official New York indictment and the FBI. The scheme was estimated to have netted nearly $20 million over four years for those behind the virus.

Only those who have been caught say “Crime doesn’t pay”