Back in November a federal judge allowed the not-for-profit Internet Systems Consortium to operate replacement domain-name-system servers for the purpose of replacing a rogue DNSChanger botnet that was directing users to various sites they did not intend to visit. The reroutes caused by this botnet could have resulted in Internet failures were it not for ISC's replacement servers.
Now the computer systems that would have otherwise lost their connections but for the replacement servers could be in trouble if a federal judge does not extend the court order originally granting the authorization for ISC to operate the servers. According to ISC's founder Paul Vixie, there are still about 500,000 end users that rely on these replacement servers. At the botnet's peak of performance it was reported that the number of infected end user machines could be as high as 5 million.
Prosecutors have asked for an additional four months before discontinuing the authorization so that they can notify all users who are still affected by DNSChanger to remove the malware from their systems. Several ISPs have bolstered the claims that many users remain infected. These ISPs, through the Messaging Anti-Abuse Working Group, have informed authorities that they are working hard to notify users and eliminate the malware.