This morning I had an email from a student asking about the the DNS Changer Malware and if she should be concerned about losing the Internet this coming Monday.
That reminded me that it might be a good idea to post a quick article about DNS Changer, in case you’ve missed the news this past year.
Here’s the story…
Back in early 2007, a group of cyber thieves released a malware infection called DNSChanger which infected 4 to 5 million computers in over 100 different countries around the world. In the U.S., it was estimated that about 500,000 computers were infected, including those of home users, businesses, and even government organizations (like NASA).
The criminals who released the malware did so to redirect infected computers to rogue servers they controlled. Once redirected, users would not end up on the site they typed in, but instead would be taken to a site similar to their target, but with products and advertising that the theives would make affiliate commissions on.
What’s DNS? Whenever you type in a “www.something.com” address, a computer called a DNS server translates the text address you typed into an Internet address number (called an IP Address) that looks like this… 126.96.36.199. The DNS Changer malware changed the infected computer DNS server to the rouge servers I’ve mentioned.
For example, if you had clicked a link wanting to go to HP Computers, the rogue server would instead direct you to another site not related to HP, but selling their products. The cyber criminals reportedly made millions of dollars in affiliate commissions this way.
In addition, in many infected machines, the DNSChanger would prevent Windows and Anti-Virus software updates, potentially leaving the computer vulnerable to to other virus and malware related programs.
But then the FBI stepped in…
In November of 2011, after a long investigation, the FBI seized and shut down almost 100 rogue servers related to the DNSChanger infection, and arrested and charged the criminals with operating a sophisticated Internet fraud ring. But during the process, the FBI determined that if they shut down ALL the rogue servers, millions of infected computers would immediately have lost access to the Internet.
To prevent this sudden loss of access, the FBI instead got a court order to continue running the rouge servers (which now were redirecting users to the correct sites) until infected machines could be patched and fixed.
Originally, the court order allowing the FBI to run the rogue servers was to expire on March 8th of this year, but it was extended to July 9th to give infected users more time to make the fix.
So now July 9th is just around the corner, which means that if you ARE infected, your Internet could be cut this coming Monday, forcing you to call your Internet provider (such as Cox or Road Runner) and get help in deleting the malware and reconnecting.
The good news is, that will all the news warnings (including alerts by Facebook and Google), the FBI estimates that the number of infected computers worldwide is now only about 277,000, and the number in the U.S. just about 64,000.
So chances are, you’re just fine.
But, is there a way you can check? Well, yes there is.
The DNS Changer Working Group (DCWG) is a security partner of the FBI, and has setup a web site where you can quickly have your computer checked (without downloading any software). Then, if you ARE infected, they provide directions on how to remove the DNS Changer Malware.
The address is…
When you arrive, you’ll see the screen shown here. To check your computer, you’ll want to click the DETECT button, which takes you to a page where you can start the check. It only takes a few seconds to complete.
As I’ve already mentioned, there’s a good chance that your computer is NOT infected, but it certainly won’t hurt to visit the DCWG site and check to make sure.
But this leads me to one final point.
As with most virus and malware infections, the best defense is knowing the basics of how to keep your computer safe so that you do not get infected in the first place.
Many of you who have subscribed to the DiscoverSkills eNewsletter (CLICK HERE to subscribe, if you haven’t) have seen my 6-part series on Staying Safe.
You can also get the book that we use in our Lincoln computer class called “Staying Safe on the Internet“. CLICK HERE if you would like to read more about it.That’s it for now… I sure hope you have a “good Monday”!
As always, I’d love to hear your experiences or comments. You can leave them below…