Hundreds of thousands of people are likely to be confused on Monday when they fire up their home or office computers and can't connect to the Internet. Their network connections will be fine, but attempts to visit their favorite domains will be fruitless.
These people will be the unfortunate leftover victims of the DNSChanger botnet. Between 2007 and October of last year, the DNSChanger virus infected four million computers in 100 countries, according to the FBI. Often without the victims' knowledge, the computers were turned into drones that were instructed by rogue servers to visit websites and click on ads in a scheme to generate fraudulent advertising revenue.
Last November, the FBI apprehended a group of Estonian nationals allegedly behind the plot and seized the botnet's so-called command and control servers, which were located in New York and Chicago. But whereas past botnets have been disabled by eliminating such servers, the authorities couldn't do that with DNSChanger: because of the particular way the DNSChanger virus did its damage, "that would have been the same as if the Internet was suddenly broken for millions of people," says Dave Monnier, a fellow at Team Cymru, an independent group of computer security researchers.