DNSChanger – What is it and what do I do?

Back in March of this year, the news and media outlets were abuzz with talk about the next big malware threat to hit the world’s computers–DNSChanger. While millions of PCs are projected to be infected with this malware, many of those users will not even notice anything on their system has changed. So what is the big threat here then, and what should you potentially do about it? Read on to find out!

I suppose another big question to answer first is this: what exactly is DNS anyway (and why do I care if it changes)? DNS is an acronym that stands for Domain Name System. Computers rely heavily on DNS services to provide the user with web pages, such as the one you’re viewing right now. People prefer words because they’re easier to remember than numbers whereas machines such as your computer prefer working with numbers. When you type www.columbusdata.com into the browser’s address bar, DNS is actually doing all of the hard work behind the scenes by converting that user-friendly name into a string of numbers called an IP address. Without this DNS service in place to translate names into IP addresses, there would be no World Wide Web as we know it.

So what is happening now with the DNSChanger malware is malicious computer users have found ways to exploit security weaknesses in computers to change their computer’s DNS settings. Now, instead of the computer using good clean DNS servers, they are now using rogue DNS servers which are controlled by the remote malicious user. Since all website requests must go through DNS servers first, the malicious user has full control of what web pages it actually returns to you. As a purely theoretical example, say you type in www.ups.com to track a package that was shipped to you. If infected, the rogue DNS server could potentially display a website that looks like UPS, but in fact is a fake site designed to steal the information you enter in.

The FBI has gotten involved in this matter and is taking initiatives to help individuals whose computers may have become infected with this malware. They have set up a temporary network of good clean DNS servers to allow the users time to clean up their infected computers of the rogue DNS settings. The FBI has stated that this network of good DNS servers will remain online for four months and will be shut down sometime in July, so you may want to check your computers soon. If an infection is neglected, you may find yourself without any Internet service once the FBI shuts down their temporary network.

To see if your PC has the infection, visit http://www.dns-ok.us/.

A free utility from Kaspersky Labs called TDSSKiller can also be used to detect and remove some forms of this DNSChanger malware. You can download this utility here.

For further reading on this topic, an official document published by the FBI can be found here.

Regards and safe browsing!
Bryan Scott

This entry was posted in Our Blog and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Complete the math problem to add your comment. * Time limit is exhausted. Please reload the CAPTCHA.