FBI to pull plug on DNSChanger

May 23rd, 2012

The Internet has become one of the most important tools in our personal and professional lives. It’s hard to imagine what life would be like without it. There’s a chance that may happen for users who’ve been infected by the DNSChanger Trojan. This nasty Trojan has infected many computers around the world and has forced the FBI to take drastic action.

While the source of DNSChanger has been removed, essentially killing it. There are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger?
DNSChanger is a Trojan that hijacks a user’s Internet, at the most basic level, the DNS. If a user enters a web address, DNSChanger will return a similar looking page, but with ads that are owned by hackers. Thus allowing them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.

Aside from that, it also prevents users from visiting security websites, like mcafee.com, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS?
A DNS – Domain Name System – is a cruical service that converts domain names like www.google.com into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do?
Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time, any user still connecting to the DNS servers, or who is still infected irregardless of their location, could be affected.

What should I do?
If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean, and security’s up to date.

Update

Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google’s functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us, we are ready to help.

Published with permission from TechAdvisory.org. Source.


Leave a comment!

You must be logged in to post a comment.