US police are predicting that more than 100,000 PCs will lose their internet connection when the FBI pulls the plug on servers that control DNSchanger,
On July 9, the FBI will disable rogue DNS servers it seized late last year and believes that by then there will be 100,000 left in the botnet.
That figure is large but is only a third of the 350,000 to 400,000 internet users believed to still have the DNSChanger malware on either their modems or Windows computers.
It is also a fraction of the four million users who were infected at the height of the Estonian scam.
Six Estonians have been arrested and are currently subject to extradition procedures to face charges in the United States.
The FBI gained interim control of the rogue DNS servers, but expect to shut them down on July 9, after a four month court ordered extension of the program expires.
Paul Vixie of the Internet Systems Consortium told AusCERT 2012 attendees that internet service providers would have to rush new modems to those who think they might still have the malware.
He said that the scammers scripted the web interface and changed the DNS settings in the CPE of the modem and it is difficult to get these re-programmed, he told SC Magazine .