On July 9, the FBI will close down a network of DNS servers that many people have been depending on for proper Internet access. These servers were originally part of a scam in which a crime ring of Estonian nationals developed and distributed a malware package called DNSChanger; the FBI seized the servers and converted them to a legitimate DNS service.
This malware scam has been widespread enough that even third-party companies like Google and Facebook and a number of ISPs like Comcast, COX, Verizon, and AT&T have joined in the effort to help remove it by issuing automatic notifications to users that their systems are configured with the rogue DNS network.
DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.fbi.gov, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS Servers are a critical component of your computer’s operating environment—without them, you would not be able to access websites, send e-mail, or use any other Internet services.
Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or can interfere with that user’s online web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal. A bad DNS server operated by a criminal is referred to as a rogue DNS server.
What Does DNSChanger Do to My Computer?
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (e.g., a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This change may impact all computers on the SOHO network, even if those computers are not infected with the malware.
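Both paths described above end with a changed resolver address, so the resolver list is the thing to inspect. The following is an added example, not part of the original article: it parses resolv.conf-style text (an assumption about the host's format) and labels each resolver; the function names are hypothetical and the "rogue" ranges are documentation placeholders, not the real DNSChanger ranges.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real rogue ranges.
# Substitute the rogue DNS ranges published by a source you trust.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Addresses that normally mean "my resolver is the SOHO router/gateway".
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fe80::/10")]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed resolv.conf
nameserver 192.168.1.1
nameserver 192.0.2.53   # falls inside a placeholder range
nameserver 198.51.100.200
nameserver not-an-ip
search example.test
"""

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text, skipping junk."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed address: skip it instead of crashing
    return servers

def classify(servers, rogue=ROGUE_RANGES, local=LOCAL_RANGES):
    """Label each resolver 'rogue', 'router' or 'other'."""
    verdicts = {}
    for ip in servers:
        if any(ip in net for net in rogue):
            verdicts[str(ip)] = "rogue"
        elif any(ip in net for net in local):
            # The host only points at the gateway, so the gateway's own
            # upstream DNS setting still has to be checked separately.
            verdicts[str(ip)] = "router"
        else:
            verdicts[str(ip)] = "other"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(parse_nameservers(SAMPLE)).items():
        print(f"{ip:16} {verdict}")
```

A "router" verdict does not clear the machine: it only says the host defers to the gateway, which is the device the second infection path reconfigures.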
Am I Infected?
The best way to determine if your computer or SOHO router has been affected by DNSChanger is to have them evaluated by a computer professional. However, the following steps can help you gather information before consulting a computer professional.
Check for infection by visiting any of the following links:
How to Delete From your PC