July 9, 2012 at 1:14 PM ET
Hours after "Internet doomsday" kicked in, major service providers say almost all customers have avoided the shut-off of their Internet service, although there are some who will not be able to read this story online, unless it's on their smartphones.
"Less than 1 percent of Cox customers are infected with the virus," Todd C. Smith, Cox Communications director of media relations, told msnbc.com.
"Since midnight last night, when the FBI (via the Internet Services Coalition) disconnected the servers associated with this botnet, we've only received a minuscule number of calls, but our customer care and security assurance teams are standing by and are ready to help," Charlie Douglas, Comcast senior director of corporate communications, told msnbc.com.
(Msnbc.com is a joint venture of Microsoft and NBCUniversal, a unit of Comcast.)
"The number of calls we're seeing today is minuscule," Douglas said. "Going into this, we had estimated that far less than even 1/10th of 1 percent of our customers would be affected."
Verizon said it is not seeing "anything significant thus far."
"Keep in mind we have a very small relative number of customers impacted," Bob Elek of Verizon Communications told msnbc.com. "But we anticipate beginning the process of correcting affected customers as we go forward during July. To do so, we have extended support throughout the month and we are offering customers step-by-step, do-it-yourself remedial steps or access to a third-party for the same if they prefer."
For AT&T customers, there has been "very little impact," Mark Siegel, AT&T executive director, media relations, told msnbc.com. "For the very small number of customers whose computers may have the virus, we are redirecting their traffic to servers we have set up that will enable them to continue to use their computers. This will be in place through the end of the year so these people will have even more time to remove the virus from their computers, which is an easy process. We have been communicating with these customers for months to let them know how to remove the virus."
At least one security researcher says it's still too early to really know DNSChanger's impact.
"ISPs are not necessarily in a rush to reveal the number of their customers affected," wrote David Harley, ESET security senior research fellow, on that company's blog. "Bad news for the customer is bad news for the ISP, even if it's not a problem of the ISP's making."
Internet service providers, he wrote, "may already be redirecting requests to a valid server. Well, that's what I'd be trying to do if I was in that sector. Helpdesks may be a little too occupied with panicky phone calls to be too concerned right now about publicly releasing figures. In some cases, they may even be able to fix the problem without being fully aware of the cause."
Cox, like other Internet service providers, "worked closely with the FBI on this case in the fall and immediately established a redirect for infected customers to Cox DNS servers," Smith told msnbc.com. "Therefore, no Cox customers are impacted by the FBI transition and we plan to keep the redirect up until we have contacted every customer individually."
Those who are having problems getting online Monday should call their Internet service provider for further instructions on what to do.
At 12:01 a.m. ET, the FBI shut down Internet servers that had been set up as a temporary safety net to keep infected computers online for the past eight months. The court order the agency obtained to keep the servers running expired, and it was not renewed.
Last fall, the FBI arrested six Estonian nationals who were charged with using malware and rogue DNS servers to hijack millions of computers worldwide. At that time, it was described as the "biggest cybercriminal takedown in history."
Because the malware, known as "DNSChanger," is so nasty — it's strong enough to wipe out a computer's anti-virus software — the FBI set up a safety net using government computers to prevent any Internet disruptions for users whose computers may be infected.
That safety net was set to go away in February, but the date was extended to July 9 because the agency was concerned that not enough users were aware of the problem.
Security company F-Secure said Monday on its blog that DNSChanger was still present on about 47,000 U.S. computers, down from what was estimated to be between 250,000 and 300,000 computers in recent months. Worldwide, about 250,000 computers remained infected as of this past weekend, the Associated Press said.
"According to reports, many major Internet Service Providers have configured their own substitute DNS servers and are continuing to work the problem," F-Secure said on the blog. "The FBI is out — and ISPs are in. All in all, things are working out as they probably should in a case such as this. The infection count continues to decrease without a major crisis in support calls. (We've only received a couple from our own customers.)"
Comcast's Douglas said that for months, "we have been emailing, mailing letters, sending in-browser notifications and calling customers who we thought might be impacted and we urged them to take action by visiting a dedicated website www.xfinity.com/dnsbot where they had two choices. They could either download a free security update we provided ... or, if they're not comfortable doing that, then they can call Xfinity Signature Support and, for a fee, have a professional help them remove the malware."