Skip to main content

The Globe and Mail

About 9,000 Canadian computers face infection threat

Employees are increasingly opting to work on their personal laptops and smartphones in a trend driven by the popularity of Apple consumer devices.

L.G. Patterson/CP/AP

About 9,000 Canadian-owned computers could be infected and lose access to websites, e-mail and social networking on Monday when the FBI shuts down temporary servers used to stop a scam, experts say.

Overall some 300,000 computers, most of them in the United States, Italy and India, could be infected and lose their Internet service, Queen's University associate professor Thomas Dean said Friday.

"The computer will start up, but when you try to use your mail or try to use your browser, you are going to get some kind of error message," Prof. Dean said from Kingston, Ont.

Story continues below advertisement

Warnings about the Internet problem have been splashed across Facebook and Google and Prof. Dean said that initially about four million computers were infected globally.

The FBI took down hackers last fall in an online advertising scam and had clean servers installed to take over from the malicious servers so that people wouldn't lose their Internet service right away, but the replacements are being turned off on Monday.

Prof. Dean said Canadians can go to to check if their computers are infected and take appropriate measures. He said Canadians may also have to check routers to see if they have been affected, too, and reset them.

"We've got roughly 9,000 computers that still appear to be infected," he said about the Canadian situation.

If computers have been infected due to the scam, they haven't been able to perform anti-virus software or system updates, leaving them vulnerable to other malware, said Prof. Dean, who teaches in Queen's University's department of electrical and computer engineering.

The DNSChanger Trojan malware program at issue was created to redirect Internet traffic and hijack online searches.

Symantec's Dean Turner said Eastern European and Russian hackers generated a profit of $14-million by setting up rogue servers and getting paid for driving traffic to malicious websites, and for also putting fake ads on top of real ads on legitimate websites.

Story continues below advertisement

"It was basically click fraud — hijacked searches," said Mr. Turner, director of global intelligence for Symantec, a software security company.

While Mr. Turner said it's difficult to predict how many infected computers would be in Canada, he said 9,000 wouldn't be "out of whack."

On Monday, infected computers will get message saying "Cannot find this website," he said from Calgary.

"It would block all access to the Internet."

McAfee's Robert Siciliano said computer users who have no access on Monday may wrongly assume that their Internet service provider is having problems and flood them with calls.

"It will ultimately be a nightmare for customer service," said Mr. Siciliano, who specializes in online security at McAfee, another anti-malware security company.

Story continues below advertisement

ISPs may have to bring in tech support if they're inundated with calls, he said.

Bell said it has been contacting customers by phone and e-mail for some time about the potential problem.

The telecom company also has a webpage that explains the problem and directs consumers to the Canadian Internet Registration Authority's online diagnosing tool.

Report an error

The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

Please note that our commenting partner Civil Comments is closing down. As such we will be implementing a new commenting partner in the coming weeks. As of December 20th, 2017 we will be shutting down commenting on all article pages across our site while we do the maintenance and updates. We understand that commenting is important to our audience and hope to have a technical solution in place January 2018.

Discussion loading… ✨