By now you’ve probably heard about the “DNSChanger” malware, which has been highlighted in the media over the last few days. Basically, it’s a virus or “bot” that hijacks your computer’s DNS settings to redirect your legitimate traffic to fake sites in order to steal your personal information (such as user names, passwords and credit card numbers).
Last November, the FBI publicly identified the international cyber ring responsible for the attack. This link on the FBI website provides a good description about “Operation Ghost Click.”
When the FBI took action, they shut down the evasive DNS servers and turned on temporary “clean” DNS servers in order to give some time for victims to clean their affected computers and restore their normal DNS settings. However, on Monday, July 9, these temporary servers will be turned off. So, anyone who is still infected may be unable to access the Internet.
As an aside – the FBI outsourced the work of turning off the infected servers and turning on “clean” DNS servers to a company called Internet Systems Consortium (ISC). Paul Vixie is the Chairman and Founder of ISC, and provides an interesting behind the scenes look at their role in the DNSChanger episode.
The DNSChanger malware is not limited to PCs. Mac computers could also have been affected. And, it’s also possible that your home router has been accessed by this malware, so it’s best to check if you’ve been infected on all your computer equipment that connects to the Internet.
To check if your computer is infected, go to http://www.dcwg.org/. There you’ll find all the information you need to help you determine if you’re infected, and instructions on how to clean your computer.
Cable operators have been aware of this malware and are providing their customers with information about how to avoid this virus. Unfortunately, since the malware resides on your home equipment, consumers need to take action themselves to identify and correct the situation. The following are links to various cable operators’ websites describing the DNSChanger malware: