DNS Changer Virus: Internet Access to be Cut July 9

Dennis Faas

People whose computers are infected with the 'DNS Changer' virus will lose access to the Internet on Monday, July 9, 2012, unless they take steps to remedy the situation.

Right now the Federal Bureau of Investigation is wrapping up an operation designed to help such victims maintain their online connections.

DNS Changer is named after the domain name system that helps translate website addresses (such as www.infopackets.com) into a string of numbers known as an IP address, which is the way computers actually identify the machine where a particular website is physically stored.

'DNS Changer' Uses Misdirection

This process works through special computers known as DNS servers, effectively the Internet's version of a telephone directory. DNS servers carry a constantly updated list containing the correct IP address for each individual website.

Normally a user seeking a website first accesses a legitimate DNS server operated by their Internet provider and obtains the desired site's correct IP address.

The DNS Changer virus, however, caused infected computers to instead access a fraudulent DNS server operated by the people controlling the virus.

This rogue DNS server contained bogus IP addresses, so when a user thought he or she was visiting a legitimate website, such as an online bank or retailer, they were actually visiting a phony site controlled by the scammers.

Usually this site was set up to look like the legitimate website, in hopes of tricking the user into providing their user name, password, and even credit card details. This information was passed immediately to the fraudsters instead of to the intended, legitimate website.

FBI's Temporary Solution Coming to an End

DNS Changer was widespread in 2009, but in 2011 the FBI arrested those suspected of participating in the scheme and -- for technical reasons -- obtained court authorization to continue operating the fraudulent DNS servers after loading them with accurate IP addresses.

As a result, infected computers already programmed to look for the fraudulent DNS servers could continue to do so, but would now receive correct IP address information from the FBI. Thus, those computers resumed operating normally. (Source: fbi.gov)

This measure was always intended to be temporary and is set to be switched off on Monday.

Typing in IP Address Only Way to Access Websites

When that happens, every computer still infected with the DNS Changer virus will keep looking for the fraudulent DNS servers, which will no longer be available. Cut off from the IP addresses of any and all websites, infected computers will no longer be capable of surfing the web.

The only way users of these computers will then be able to visit a website will be by typing in its actual IP address. (Source: slashgear.com)

Most reputable antivirus security software can detect and remove DNS Changer. This means that any users who don't have regularly scheduled virus scans may find it worthwhile to run a manual scan before Monday, just in case.

As a service to the public, the FBI maintains websites that can check a computer for the DNS Changer virus and help those still infected get rid of it.

You can find a site providing this service by browsing to: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS.
