DNSChanger Malware Kills Internet Connection: FBI

Spider

Administrator
Staff member
Mar 24, 2011
15,781
1,812
The Federal Bureau of Investigation (FBI) says that computers infected with a particular type of malware could lose their Internet connections this coming summer. Fortunately, there appears to be relatively simple solution for the problem.
According to the FBI, computers infected with the malware called "DNSChanger," which first emerged in 2007 and which has since infected millions of computers worldwide, could go offline in July, 2012, until repaired.

Cybercriminals Have Re-Routed Internet Traffic
Normally, when a computer user enters a web address into their browser, their computer instantly contacts one of many legitimate Domain Name System (DNS) servers attached to the Internet. The DNS server then supplies the computer with the specific Internet Protocol (IP) address of the named website.
That's where the computer connects to obtain the web page it displays.
DNSChanger interferes with this normal Internet communication by directing an infected computer not to real DNS servers, but to rogue DNS servers set up by cybercriminals.
Those servers supply incorrect IP addresses, effectively directing unsuspecting computer users to whatever sites the criminals wish, rather than the desired sites. (Source: cnet.com)
The cybercriminals behind DNSChanger were successfully targeted last year by the FBI, and authorities were able to seize the rogue servers.
But because security experts estimated that hundreds of thousands of unsuspecting computers were infected with the virus, all of which were innocently seeking IP information from the rogue servers, the FBI opted to correct the IP address information on the rogue servers, rather than simply shut them down.

Rogue Servers Soon To Be Shut Down, No More Web Surfing
Unfortunately, running these servers is expensive. To cut costs, the government has decided to shut down the once-rogue servers this July. As a result, all the computers still infected with the DNSChanger malware will be cut off from the Internet, and will continue seeking IP information from DNS servers no longer in operation.
According to experts, some 450,000 systems are still infected with the DNSChanger malware, and will no longer know how to surf the web once these servers stop operating.
If you're concerned your computer could be affected by this shutdown, the FBI suggests visiting the DNSChanger Working Group (DCWG) website. DCWG has been keeping up the servers this past year, and can help people find out whether or not their systems are infected, and remove the problem malware.
To find out if your system is infected with DNSChanger, visit www.dcwg.org before July 9 -- the day those once-rogue servers are set to be shut down. If your computer is not infected, you need do nothing. If it is infected, follow directions from the authorized site to clean it up. (Source: pcmag.com)


 
by John Lister on 20120706 @ 11:16AM EST |

People whose computers are infected with the 'DNS Changer' virus will lose access to the Internet on Monday, July 9, 2012, unless they take steps to remedy the situation.

Right now the Federal Bureau of Investigation is wrapping up an operation designed to help such victims maintain their online connections.

DNS Changer is named after the domain name system that helps translate website addresses (such as MS Windows, Tech News, and Freeware Daily / Infopackets.com) into a string of numbers known as an IP address, which is the way computers actually identify the machine where a particular website is physically stored.

'DNS Changer' Uses Misdirection
This process works through special computers known as DNS servers, effectively the Internet's version of a telephone directory. DNS servers carry a constantly updated list containing the correct IP address for each individual website.
Normally a user seeking a website first accesses a legitimate DNS server operated by their Internet provider and obtains the desired site's correct IP address.
The DNS Changer virus, however, caused infected computers to instead access a fraudulent DNS server operated by the people controlling the virus.
This rogue DNS server contained bogus IP addresses, so when a user thought he or she was visiting a legitimate website, such as an online bank or retailer, they were actually visiting a phony site controlled by the scammers.
Usually this site was set up to look like the legitimate website, in hopes of tricking the user into providing their user name, password, and even credit card details. This information is passed immediately to the fraudsters instead of to the intended, legitimate website.

FBI's Temporary Solution Coming to an End
DNS Changer was widespread in 2009, but in 2011 the FBI arrested those suspected of participating in the scheme and -- for technical reasons -- obtained court authorization to continue operating the fraudulent DNS servers after loading them with accurate IP addresses.
As a result, infected computers already programmed to look for the fraudulent DNS servers could continue to do so, but would now receive correct IP address information from the FBI. Thus, those computers resumed operating normally. (Source: fbi.gov)
This measure was always intended to be temporary and is set to be switched off on Monday.

Typing in IP Address Only Way to Access Websites
When that happens, every computer still infected with the DNS Changer virus will keep looking for the fraudulent DNS servers, which will no longer be available. Cut off from the IP addresses of any and all websites, infected computers will no longer be capable of surfing the web.
The only way users of these computers will then be able to visit a website will be by typing in its actual IP address. (Source: slashgear.com)

Most reputable antivirus security software can detect and remove DNS Changer. This means that any users who don't have regularly scheduled virus scans may find it worthwhile to run a manual scan before Monday, just in case.

As a service to the public, the FBI maintains websites that can check a computer for the DNS Changer virus and help those still infected get rid of it.

You can find a site providing this service by browsing to: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS.
 
Back
Top