On Monday morning, you may not be able to log on to the Internet. The FBI plans to discontinue a safety net it set up to protect computer users from a hacker group that had been surreptitiously redirecting PCs to Web sites they operated.
The DNSChanger virus affected well more than a half-million computers when the FBI and other authorities took down the international cybercriminal ring last winter. At that point, the FBI was left with a quandary: The virus redirected PCs to DNS Internet servers operated by the ring, and if they were disconnected suddenly, those PCs would no longer be able to use the Internet.
So, the FBI arranged to replace those servers with ones that operated correctly, as a safety net to give computer users time to rid their PCs of the virus.
But now, time is up. Those servers cost the government money, so they're being disconnected Monday, July 9.
At this point, the FBI estimates more than 277,000 computers worldwide remain infected, with about 63,000 of those in the U.S. That's a tiny fractional percentage of the billions of PCs worldwide, but thousands nonetheless.
DNSChanger was a Trojan created by cybercriminals to redirect the Internet traffic of millions of unsuspecting consumers to Web sites where the thieves profited from advertisements.
Understanding the Problem
Domain Name System (DNS) servers convert user-friendly Web site names into the numeric Internet Protocol (IP) addresses that computers use to talk to each other. When users enter Web site names into their browsers, their computers contact DNS servers.
If users' computers have the wrong settings to find those DNS servers, they will not be able to access Web sites, send e-mail or use Internet services.
Serious Threat or Not?
Gunter Ollmann, VP of research at Damballa, a company that specializes in advanced threat-protection software, told us the DNSChanger malware was successfully operated by criminals for quite some time before the FBI took it down.
"The DNSChanger malware silently altered key settings on the victims' computers, allowing the criminals to monetize the way their victims surfed the Web," Ollmann said.
"As to the seriousness of this situation, in the grand scale of Internet crime and the monetization of victims, DNSChanger is not a serious threat," he said. "But it is an interesting footnote in the success of law enforcement actively taking down a large botnet."
While the DNSChanger was able to make illegal profits for the cybercriminals behind it, it wasn't as threatening as malware that steals user identities or withdraws money from online bank accounts. (continued...)
Posted: 2012-07-08 @ 11:39pm PT
thanks for sharing the information
Posted: 2012-07-08 @ 7:17am PT
If you have it, Kaspersky Lab this will take care of all infected viruses.
Albert G Engel:
Posted: 2012-07-07 @ 2:30pm PT
Thank you for the description and McAfee info.
Posted: 2012-07-07 @ 12:36pm PT
If you need to repair DNS and remove DNS Changer malware this page here will help: http://botcrawl.com/how-to-remove-dns-changer-malware-rover-digital-and-repair-dns-server-settings/