Header Ads

/ / /

What is the DNSChanger Malware and what can be done to prevent it?

July 07, 2012


DNSChanger malware is a classified as computer Trojan (a Trojan is similar to a virus, except that it does not replicate itself, it appears legitimate but performs some illicit activity on the computer system when it is run or can allow somebody from a remote site to take control of the computer).

When you’re infected by this DNSChanger, it changes computer’s Domain Name Server (DNS) to replace the ISP’s provided good DNS servers with rogue DNS servers operated by the DNSChanger author or criminal, in order to divert traffic to unsolicited, and potentially fake/illegal sites in order to steal some personal information (such as user names, passwords and credit card numbers). Viruses and Trojans have been infecting computers almost as long as computers have been in businesses. Some are relatively harmless, while others bring systems down. DNSChanger Trojan was malicious enough to force the FBI to step in.

For infected users, this could mean that their Internet won’t work after July 9, 2012.

Why is it July 9?
In November 2011, in the “Operation Ghost Click” (Reference 3), FBI successfully shut down the DNSChanger Botnet. According to a court order, in order to avoid the infected computers to lost connection with Internet immediately, FBI was authorized to set up a number of temporary DNS server to maintain the DNS services for the victims to solve this issue within 120 days. This order would be expired on July 9, 2012.

If FBI decides to close these temporary DNS servers as scheduled, several millions of the DNSChanger bots worldwide would not able to connect to the Internet. To properly handle this problem, we must help the victims to clean up the malware as soon as possible.

Which gadgets are vulnerable?
The DNSChanger is targeting Windows PCs to other platforms that include the Mac OS and home routers as well; mobile devices may also be affected.

How does it affect customers and how does one know if his PC or gadget has been infected?
To figure out whether you’ve been infected with DNSChanger, just visit www.dns-ok.ca. This website checks your computer settings to see if it’s infected with DNSChanger. If the screen is green, you’re not affected. If the screen is red, your computer is infected with the DNS Changer malware. Perform this check on all the computers/laptops within your household.

What can be done to prevent it?
You can be protected by DNSChanger infection if you are using latest Anti-virus/Anti-malware software. Most commercial-grade Anti-virus software out there (like McAfee, Symantec, Trend-Micro, F-Secure, etc.) can detect and remove this DNSChanger Trojan.

Manual Checking/Detection of DNSChanger malware in your computer:
Windows

  1. Click Start
  2. Open the Command Window
    • (For Windows 7) Type cmd at the search bar
    • (For Windows XP) Click Run, then type cmd at the bar
  3. Type ipconfig /all
  4. Search for the DNS Servers section

Mac OS X

  1. Click the Apple icon an the top left of the screen
  2. Select System Preferences
  3. Locate the “Network” icon
  4. Read the “DNS Server” line

Ensure that the DNS Servers are not within the following range of Internet Protocols (IPs):

  • 85.255.112.0 through 85.255.127.255
  • 67.210.0.0 through 67.210.15.255
  • 93.188.160.0 through 93.188.167.255
  • 77.67.83.0 through 77.67.83.255
  • 213.109.64.0 through 213.109.79.255
  • 64.28.176.0 through 64.28.191.255

If the DNSChanger is detected, users may then use any of the following software to clean the infection:

Alternatively, subscribers may also visit the following sites to their system checked automatically

For more information on DNSChanger, visit the official DCWG website at www.dcwg.org.

Back to top

Top trending post

Share This


No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.