DNS Changer: Malware Designed To Redirect Users

Author: Jennifer Hong
July 6, 2012

Thousands of PCs are vulnerable to DNS Changer, a malware program that first surfaced in 2007, and that could leave people without Internet access beginning July 9.

In fact, the malware is so severe that the Federal Bureau of Investigation helped shut down the criminal ring responsible in late 2011. The federal agency then briefly handled the Internet Domain Name System routing for all infected Mac and Windows systems.

In early 2012, the Internet Systems Consortium, a nonprofit corporation, took over DNS routing responsibilities from the FBI. But that courtesy is coming to an end Monday, and if your computer is one of the thousands still infected, you need to fix your machine so you can keep running.

DNS changing was only one of the malware’s functions, according to the DNSChanger Working Group, a consortium of companies, universities and other institutions helping to deal with the impact of the program. The group says it’s also possible that it was capturing keystrokes, a technique also known as key logging.

As of June 11, the group detected DNSChanger infections from more than 300,000 unique Internet Protocol addresses worldwide. Nearly 70,000 of those unique IPs originated in the United States. An Internet Protocol address counts as one main connection to the Internet, but can include multiple PCs behind one IP.

If your computer is infected with DNSChanger and you’ve recently visited Facebook or Google, then you’ve probably seen warnings about the infection. Both services are posting notices to infected systems and offering advice about what to do. Your Internet Service Provider may have also notified you about an infection.

Another way to find out if you’re infected is to visit one of several detection websites set up by the DNSChanger Working Group. These sites will not require you to download any extra software or scan your hard drive. If you are infected, the site will be able to immediately detect it and notify you.

The bad news is that DNSChanger doesn’t just go after PCs, but can also infect your router. That means you may visit a malware detection site from any PC in your home and all will register as being infected even though your router is really the culprit.

If you want to be absolutely sure your computer is clean, you can check your PC’s DNS settings without relying on a third-party website. PCWorld’s tutorial “Protect Yourself From DNSChanger” has detailed instructions on how to do this for PCs and Macs.
