Warning: You Could Lose Your Internet Access!
Several hundred thousand computers (both PC and Mac) may soon lose access to the Internet, if they're not cleansed of a malware infection known as DNSChanger. The FBI has kept these infected machines alive since last November, but this life-support system will be unplugged soon. Here's the story and how you can avoid this potential catastrophe...
What is DNSChanger?
DNSChanger was created by a cabal of Estonian hackers in 2005. It changes an infected computer's Domain Name Service (DNS) settings, pointing DNS requests to bogus DNS servers operated by the bad guys. In simpler terms, DNSChanger modifies network settings on infected computers to redirect users from the websites they really want to visit, to sites that make money for the bad guys. Reportedly, the group earned over $14 million from this scheme, after infecting millions of computers worldwide.
The FBI and Estonian law enforcement agencies shut down the DNSChanger cabal in November 2011, arresting six out of the seven criminals involved. But shutting down the rogue DNS servers would have suddenly cut off all of those infected machines from the Internet. So the FBI got a court order permitting it to operate substitute DNS servers, buying time to get the infected computers cleaned up. Unfortunately, several hundred thousand affected users have not gotten the message.
The FBI's authority to operate these DNS servers was initially set to expire in March 2012, but it was extended by the court. These substitute DNS servers will expire on July 9, and the deadline will not be extended again. The DNSChanger malware can affect both PCs and Mac computers. Now is the time to check your computer to ensure that it is not infected by DNSChanger, and to take remedial action if it is.
Here's the bottom line: If your computer is affected by DNSChanger and you do nothing, you WILL lose access to the Internet on July 9th, 2012.
Check Your Computer for DNSChanger Infection
A number of online tools can tell you if your computer is getting its DNS from one of the bogus servers. Click on this DNSChanger Eye Chart link to test your computer. If you see a green background on the site, you're OK. If the background is red, your computer HAS been infected by DNSChanger. Note that performing this check does not scan your computer, does not install any software, and does not change any settings on your computer. It's just a simple web page that indicates whether or not you have the DNSChanger infection.
If your machine is infected, the first step is to eradicate DNSChanger. The official DNSChanger Working Group (DCWG) website contains information and a "fix" page with links to several free utilities that will do that job. Many Windows users find Kaspersky's TDSSKiller to be effective. Mac users can download the MacScan tool. I reommend that you don't do a Google search to find and download these tools, as you could stumble into a bigger mess. Download them from the DCWG fix page to be sure you're getting the real thing. (If you want to verify that the DCWG is legit, see this FBI bulletin which links to the DWCG website.)
After running the malware removal tool, make sure your computer is safe from future malware attacks. I recommend that you read my article on Free Anti-Virus Programs to learn more about protecting your computer.
Next, restore your computer's proper DNS settings. Instructions for changing DNS settings in Windows XP are here. For Windows 7, go here. You can either obtain your ISP's DNS server address automatically (recommended), or specify the IP addresses of specific primary and secondary DNS servers. The latter option is for using an alternative DNS service, as discussed in my article Alternative DNS Service. Your Internet service provider should be able to help with this step if you are not sure how to proceed.
Okay, now let's verify that all is well. Go back to the DNSChanger Eye Chart. If you still see red, you still have a problem. If you're certain that both the malware removal and DNS changes mentioned earlier were done correctly, then it's likely that your router's DNS settings have been altered by DNSChanger. You'll need to access the router's configuration utility and restore the proper DNS settings.
Because there are so many different routers, it's not practical to give generic instructions here. If your router was installed by your Internet service provider, they should be able to walk you through the necessary steps to fix the DNS settings. Failing that, a bit of googling (or reading your router's manual) should turn up some help.
Have you been affected by the DNSChanger malware? Post your comment or question below...
This article was posted by Bob Rankin on 24 Apr 2012
|For Fun: Buy Bob a Snickers.|
WPS Security Flaw: Are You Vulnerable?
The Top Twenty
Google Drive: Stash Your Stuff in the Cloud?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Warning: You Could Lose Your Internet Access! (Posted: 24 Apr 2012)
Copyright © 2005 - Bob Rankin - All Rights Reserved