Sunday, July 8, 2012

DNSChanger Doomsday

The FBI is pulling the plug on rogue DNS servers on Monday, meaning those who haven't cleaned up their computers could be stranded without Internet.

Are You Infected With DNSChanger Malware?

Is your computer infected with the DNSChanger malware? You might want to double check because come July 9, you might lose access to the Internet.
Stats released last month suggested that more than 300,000 unique IP addresses were still affected by DNSChanger, according to a Wednesday blog post from F-Secure. The large majority, or almost 70,000, were in the U.S.
That's down from the more than half a million computers infected earlier this year. But with 300,000 computers still at risk for losing Web access, should the FBI proceed with the July cutoff? Yes, F-Secure said.
"Sure, cutting off the DNS servers will cause some pain, but it just might be the fastest way to cure the remaining infections at this point," F-Secure noted. "And to be frank, sooner is better because these computers are vulnerable to other infections as long as they remain bots."
The problem dates back to November 2011, when the FBI seized and shut down about 100 servers that were infecting millions of computers with the DNSChanger Trojan. Infected machines had their Domain Name System (DNS) settings altered so websites would redirect to servers controlled by the criminals. The scammers reportedly earned millions in affiliate and referral fees by diverting users through those sites.
The FBI wanted to shut down the rogue servers, but if they did, infected computers would have lost access to the Internet immediately. So, the FBI got a court order to continue running the servers while people applied a patch. That court order was originally scheduled to expire on March 8, but was later extended to July 9. If infected machines are not fixed by then, their Internet connections will go dark after the servers are shut down.
In an effort to alert users to the perils of DNSChanger, Google and Facebook announced plans to display alerts to users they suspected of being infected.
How best to check for DNSChanger infections? There are a variety of options, though the DNS Changer Working Group has a quick check via dns-ok.us. If everything's clear, you'll see a green background. Those with potentially problematic connections will see a red background. Security firm McAfee has a similar website.
If you know your DNS settings, meanwhile, you can also check them on the FBI's website.
If you are infected with DNSChanger, PCMag's Fahmida Rashid suggests that the average computer user seek the help of a computer professional with cleanup. For those who want to pursue the fix on their own, however, the Working Group has some suggestions for how to troubleshoot.