DNSChanger Malware on July 9: How to Check Up for Internet Virus
An internet virus called DNSChanger Malware is expected to knock off tens and thousands of internet users on Monday, July 9, 2012.
Back in November 8, 2011, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click” for distributing DNS changing viruses or more commonly known as DNSChanger Malware. They are variously known as TDSS, Alureon, TidServ and TDL4 viruses.
DNSChanger Malware changes user DNS settings, pointing victims to malicious DNS in data centers. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Since every web search starts with DNS, the malware showed users an altered version of the Internet.
The FBI shut down the scheme. However, the agency realized that turning off the malicious servers would cause infected computers to lose access to the Internet. To stay connected, the FBI set up two other servers, which have been connecting infected users to the Internet.
This solution is temporary, providing additional time for DNSChanger Malware victims to clean affected computers and restore their normal DNS settings. However, the two clean DNS servers will be turned off on July 9, 2012 at 12:01 a.m. EDT Monday and computers still impacted by DNSChanger may lose Internet connectivity at that time.
To check if your computers are infected with the DNSChanger Malware, FBI launched the DNS-OK.us website where Internet users can check whether or not their computers are infected by DNSChanger malware.
A “green” background like in the photo above means that the computer is safe while a “red” background means that it is infected and should be fixed immediately. Please note that this applies only to Windows users, so if you have an Apple computer, you’re fine.
The FBI has also set up a web address for virus check up if your computer is using a rogue DNS server. Simply determine your IP address and enter it on the space above ‘check your DNS’ to determine if your PC is infected or not.
PC World noted that the DNSChanger Malware not only infects computers but also routers. Any Internet user may visit a malware detection site from any computer in his home and all will register as being infected even though his router is only the infected.
For more information on how to detect your computer and fix a DNSChanger Malware infected PCs, check out DNS Changer Working Group at DCWG.org.