DNSChanger Malware Kills Internet Connection: FBI

Dennis Faas's picture

The Federal Bureau of Investigation (FBI) says that computers infected with a particular type of malware could lose their Internet connections this coming summer. Fortunately, there appears to be relatively simple solution for the problem.

According to the FBI, computers infected with the malware called "DNSChanger," which first emerged in 2007 and which has since infected millions of computers worldwide, could go offline in July, 2012, until repaired.

Cybercriminals Have Re-Routed Internet Traffic

Normally, when a computer user enters a web address into their browser, their computer instantly contacts one of many legitimate Domain Name System (DNS) servers attached to the Internet. The DNS server then supplies the computer with the specific Internet Protocol (IP) address of the named website.

That's where the computer connects to obtain the web page it displays.

DNSChanger interferes with this normal Internet communication by directing an infected computer not to real DNS servers, but to rogue DNS servers set up by cybercriminals.

Those servers supply incorrect IP addresses, effectively directing unsuspecting computer users to whatever sites the criminals wish, rather than the desired sites. (Source: cnet.com)

The cybercriminals behind DNSChanger were successfully targeted last year by the FBI, and authorities were able to seize the rogue servers.

But because security experts estimated that hundreds of thousands of unsuspecting computers were infected with the virus, all of which were innocently seeking IP information from the rogue servers, the FBI opted to correct the IP address information on the rogue servers, rather than simply shut them down.

Rogue Servers Soon To Be Shut Down, No More Web Surfing

Unfortunately, running these servers is expensive. To cut costs, the government has decided to shut down the once-rogue servers this July. As a result, all the computers still infected with the DNSChanger malware will be cut off from the Internet, and will continue seeking IP information from DNS servers no longer in operation.

According to experts, some 450,000 systems are still infected with the DNSChanger malware, and will no longer know how to surf the web once these servers stop operating.

If you're concerned your computer could be affected by this shutdown, the FBI suggests visiting the DNSChanger Working Group (DCWG) website. DCWG has been keeping up the servers this past year, and can help people find out whether or not their systems are infected, and remove the problem malware.

To find out if your system is infected with DNSChanger, visit www.dcwg.org before July 9 -- the day those once-rogue servers are set to be shut down. If your computer is not infected, you need do nothing. If it is infected, follow directions from the authorized site to clean it up. (Source: pcmag.com)

Rate this article: 
No votes yet