Warning: You Could Lose Your Internet Access!

Category: Security

Several hundred thousand computers (both PC and Mac) may soon lose access to the Internet, if they're not cleansed of a malware infection known as DNSChanger. The FBI has kept these infected machines alive since last November, but this life-support system will be unplugged soon. Here's the story and how you can avoid this potential catastrophe...

What is DNSChanger?

DNSChanger was created by a cabal of Estonian hackers in 2005. It changes an infected computer's Domain Name Service (DNS) settings, pointing DNS requests to bogus DNS servers operated by the bad guys. In simpler terms, DNSChanger modifies network settings on infected computers to redirect users from the websites they really want to visit, to sites that make money for the bad guys. Reportedly, the group earned over $14 million from this scheme, after infecting millions of computers worldwide.

The FBI and Estonian law enforcement agencies shut down the DNSChanger cabal in November 2011, arresting six out of the seven criminals involved. But shutting down the rogue DNS servers would have suddenly cut off all of those infected machines from the Internet. So the FBI got a court order permitting it to operate substitute DNS servers, buying time to get the infected computers cleaned up. Unfortunately, several hundred thousand affected users have not gotten the message.
DNSChanger Infection

The FBI's authority to operate these DNS servers was initially set to expire in March 2012, but it was extended by the court. These substitute DNS servers will expire on July 9, and the deadline will not be extended again. The DNSChanger malware can affect both PCs and Mac computers. Now is the time to check your computer to ensure that it is not infected by DNSChanger, and to take remedial action if it is.

Here's the bottom line: If your computer is affected by DNSChanger and you do nothing, you WILL lose access to the Internet on July 9th, 2012.

Check Your Computer for DNSChanger Infection

A number of online tools can tell you if your computer is getting its DNS from one of the bogus servers. Click on this DNSChanger Eye Chart link to test your computer. If you see a green background on the site, you're OK. If the background is red, your computer HAS been infected by DNSChanger. Note that performing this check does not scan your computer, does not install any software, and does not change any settings on your computer. It's just a simple web page that indicates whether or not you have the DNSChanger infection.

If your machine is infected, the first step is to eradicate DNSChanger. The official DNSChanger Working Group (DCWG) website contains information and a "fix" page with links to several free utilities that will do that job. Many Windows users find Kaspersky's TDSSKiller to be effective. Mac users can download the MacScan tool. I reommend that you don't do a Google search to find and download these tools, as you could stumble into a bigger mess. Download them from the DCWG fix page to be sure you're getting the real thing. (If you want to verify that the DCWG is legit, see this FBI bulletin which links to the DWCG website.)

After running the malware removal tool, make sure your computer is safe from future malware attacks. I recommend that you read my article on Free Anti-Virus Programs to learn more about protecting your computer.

Next, restore your computer's proper DNS settings. Instructions for changing DNS settings in Windows XP are here. For Windows 7, go here. You can either obtain your ISP's DNS server address automatically (recommended), or specify the IP addresses of specific primary and secondary DNS servers. The latter option is for using an alternative DNS service, as discussed in my article Alternative DNS Service. Your Internet service provider should be able to help with this step if you are not sure how to proceed.

Okay, now let's verify that all is well. Go back to the DNSChanger Eye Chart. If you still see red, you still have a problem. If you're certain that both the malware removal and DNS changes mentioned earlier were done correctly, then it's likely that your router's DNS settings have been altered by DNSChanger. You'll need to access the router's configuration utility and restore the proper DNS settings.

English Conversation for Informatic...
English Conversation for Informatics Engineering: Cyber-Physical Security Risks

Because there are so many different routers, it's not practical to give generic instructions here. If your router was installed by your Internet service provider, they should be able to walk you through the necessary steps to fix the DNS settings. Failing that, a bit of googling (or reading your router's manual) should turn up some help.

Have you been affected by the DNSChanger malware? Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 24 Apr 2012


For Fun: Buy Bob a Snickers.

Prev Article:
WPS Security Flaw: Are You Vulnerable?

The Top Twenty
Next Article:
Google Drive: Stash Your Stuff in the Cloud?

Most recent comments on "Warning: You Could Lose Your Internet Access!"

Posted by:

Pam
24 Apr 2012

Thank you for this article, Bob. I just checked my desktop computer and am on my way to the laptop next. I also posted it on Facebook. I told my friends: "Bob Rankin is a source I trust completely." (As an old English teacher, I also LOVED the side note on spelling, punctuation, grammar and proper use of UPPER/lower case.)


Posted by:

Peter Skwarczynski
24 Apr 2012

If anybody wants a 2nd opinion ...
there is also a Canadian site (published in the Toronto Star newspaper today) DNS-OK.ca


Posted by:

ManoaHi
24 Apr 2012

There is one thing to note, however, even if the scans show green, you could still be infected. All this means is that the current DNS being used is not the fake one.


Posted by:

Snert
24 Apr 2012

Thank you once again, Mr. Bob!
I had a RED alert and it was TDSSKiller to the rescue.


Posted by:

Bob Deloyd
24 Apr 2012

I just shared this article on FaceBook...
Thanks Bob!!!


Posted by:

PSinAZ
24 Apr 2012

Wow... how could I not know this? I'll be checking our computers asap. As usual your e-mail article is helpful and relevant. There are very few people I trust for accurate computer information, and you are right there at the top of that list. Thanks again.


Posted by:

John Hendrickson
24 Apr 2012

As usual, when reading one of these type stories, I look to see what it says whether my Nortons or Macafee take care of this. Bob, you put nothing one way or the other. I still do not know. Most of us who have these type of utilities wonder right off the bat whether or not they have kept us safe. It would not hurt to mention that right of the top.

EDITOR'S NOTE: You can find out, if you use the DNSChanger Eye Chart tool I mentioned...


Posted by:

Sheila
24 Apr 2012

Thank you so much for wanting to help us with what Estonian hackers are doing. I wish I had the power to stop everyone from hurting us. grr. I checked my desktop, YAY! \0/ Green as St. Patrick's Day. Now on to my Contacts in Facebook. Wow, you know a lot of stuff and keep up with the latest. I'm glad I've subscribed to your newsletter years ago. You have saved me and my comp. And my pc hugs you. ;]


Posted by:

MmeMoxie
24 Apr 2012

Once again ... THANK YOU!!! I love getting your newsletters, mainly because they keep me informed, of what is really going on. I find that you are as unbiased, as them come. Your knowledge amazes me and what makes it even better ... You DO listen to others!

So many programs, that I have tried and use to this day, have come from your suggestions. Plus, these programs are being passed on, to all my family and friends, by my recommendations. When I repair computers for family or friends, I utilize these programs, to make life easier for them and in return, their computers are much safer, for it.

Again, Thank You!!! I am a REAL fan of yours and always will be. :O)


Posted by:

MmeMoxie
24 Apr 2012

I forgot to say, I checked out my computer using the DNSCharger Eye Chart and I am in the "green."

The reason, I am in the "green", is because I have listened and used the programs, you have suggested over the years. :O)


Posted by:

john veillon
25 Apr 2012

thank you BOB...my computer checks out OK....thank you also for keeping us in the "know".


Posted by:

Tony Leppard
25 Apr 2012

I commend you Bob for all the valuable advice you relay to us. I avidly read your letters and follow your advice in full trust. I recommend you to all my computer friends and acquaintances for this is the wy I learnt about you.


Posted by:

Athlonite
25 Apr 2012

Thanks Bob! for this useful update on this horrible malware. It seems I won't be losing my internet connection come July as I passed all the tests required to see Green. Also checked with the .CA pages (from the FBI's page) to make sure all is well.
Thanks again and will forward and ask my friends and family to also verify their machines.


Posted by:

Heidi
25 Apr 2012

You're an amazing wealth of information. Thanks for keeping us updated and safe.


Posted by:

Michael Hassan
25 Apr 2012

Bob is one of the truly great values out there in cyber land. Absolutely no reason to NOT have Bob's newsletter coming to you. I read it as soon as it lands. It's like having a mentor. Thanks Bob.


Posted by:

John D.
25 Apr 2012

I was just wondering, is Windows Vista immune to this situation? I tested Green however.

EDITOR'S NOTE: Definitely not.


Posted by:

Sue M
26 Apr 2012

Ran this test and came out GREEN. I was so glad that I did, I had to share this on my FaceBook page. Thank You so much Bob. You're the Best!


Posted by:

Dmytro
26 Apr 2012

Useful article. If one got the red light on the test, how he could have been infected(mail, visiting a specific web-page)?


Posted by:

Melvin Morrow
26 Apr 2012

Best source of computer info around. I installed malwarebytes s/w many months ago and kept it updated. Their tech spt staff says doing this should prevent my PC from being infected. I am with hope this is true. I have read a number of articles about this dnschanger and none were as clear as Bob's. Thanks much for what you do!!!!!


Posted by:

Diana
09 Jul 2012

I couldn't get the link to work. Is it expired? Or is this just a glitch?


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML


Article information: AskBobRankin -- Warning: You Could Lose Your Internet Access! (Posted: 24 Apr 2012)
Source: https://askbobrankin.com/warning_you_could_lose_your_internet_access.html
Copyright © 2005 - Bob Rankin - All Rights Reserved