DNS Changer Malware and July 9, 2012

There’s a lot of discussion on the DNSChanger malware, with some articles using eye-catching headlines such as “malware may knock thousands off Internet on Monday.” I did some research on this topic and below are the facts around this malware.

What is DNS Changer

The DNSChanger malware was created in 2007. The affected computers had their DNS settings altered so that everytime that computer access the internet, it uses cybercriminal’s DNS server. The end result was that users would see unwanted ads, as well as being redirected to sites that were not their intended targets.

The cybercriminals were caught in November 2011. Due to the large number of computers, however, it was not possible for authorities to contact everyone to make sure people reset their DNS settings. Therefore, the FBI put in a temporary solution, which is to set up replacement servers so that people who were affected can continue to access the internet. Meanwhile, an educational campaign was launched to educate users about this malware, and the DCWG (DNS Changer Working Group) was formed to achieve this.

Significance of July 9, 2012

So what’s the issue with July 9th? Well, July 9th is the date when the FBI-backed servers will go offline. At that time, people who still had their DNS settings pointing to the rogue DNS server address would no longer be able to access the internet.

DNS Changer Check

The best way to check to see if you are affected is to go to http://www.dns-ok.us. As soon as you go in, you’ll get a message that tells you whether your computer is infected with the DNS Changer malware or not. There is no download and no waiting.

DNS Changer Fix

If your computer is infected, many of current antivirus solutions such as Norton can remove this malware. The DCWG (DNS Changer Working Group) has also put up a page at http://www.dcwg.org/fix/ to tell people how to fix this issue.

Summary

In reality, DNS Changer is not a new threat, and this malware can easily be caught and removed by existing antivirus software. The number of computers estimated to be still infected worldwide is about 250,000 – 300,000, which is not really high considering the number of PC’s in the world is on the order of billions. It’s definitely a good idea to use the website above to check to see if your computer is infected, even if you have antivirus protection already. But no, July 9, 2012 will not be a big day in cyber security as some people have suggested.