Hundreds of thousands of Windows PCs and Macs might lose Internet access starting today unless the exceedingly harmful DNSChanger malware, which first appeared in 2007, is removed from the infected machines.
In 2011, the U.S. Federal Bureau of Investigation (FBI) caught the group of cybercriminals responsible for the malicious software and shut down all of its operations. Right after, the FBI directly, but briefly, handled all Domain Name System (DNS) routing for infected Windows PCs and Macs.
Earlier this year, the federal agency transferred DNS routing responsibilities to a nonprofit group called Internet Systems Consortium. The organization, however, will stop the complimentary service starting today. This means that if you have one of the thousands of computers where DNSChanger still resides, you must fix it immediately to avoid losing Internet connectivity.
How DNSChanger Works
The malware reroutes compromised computers through third-party servers managed by a criminal ring established in Eastern Europe. DNSChanger did this successfully by exploiting the DNS service of the Internet. DNS servers act as phonebooks for the online world. These domain name servers convert the plain text web addresses that you enter in any browser into strings of numbers: Internet Protocol (IP) addresses. IP addresses help computers interlink with each other and move across the Internet. Essentially, personal and business Internet connections have their own designated IPs, which means all websites have unique IP addresses.
This brings us to the point that, for security purposes, cybercriminals must not be able to access or intercept your DNS. Malware creators who have complete control over your computer’s DNS usage can make pernicious modifications. They can reroute your computer to malicious websites that could contain another set of malware. They could also drop more malware onto your computer or try to steal data such as user login information and credentials.
According to the DNSChanger Working Group (DCWG, a pool made up of private companies, academic institutions and other organizations), changing a system’s DNS was only one of the malware’s several functions. The group says it is likely that DNSChanger could also capture keystrokes, a technique known as keylogging.
On June 11 this year, the group found over 300,000 unique Internet Protocol addresses worldwide infected with the DNSChanger malware. Almost 70,000 of those IPs came from the U.S. Note: While an IP address counts as one main Internet connection, it can comprise multiple Windows PCs or Macs.
You may already have received an early warning but did not take notice. If you recently visited Google or Facebook from an infected computer, you should have seen a notification that something is wrong with your computer, probably a DNSChanger warning in particular. Both Internet giants are posting notifications to systems found with DNSChanger malware and providing instructions on what to do next to get rid of the infection. Internet Service Providers (ISPs) may have warned you about this as well.
Another way to determine whether a computer has DNSChanger is to visit one of the many detection sites put up by the DCWG. These websites do not require users to download any software, nor do they scan the hard drive. For example, on the detection website link provided above, infected computers will see a red color while clean PCs and Macs will see green.
However, the result does not mean you are free from DNSChanger altogether. The malware can also infect routers. This means all of your computers at home could be ‘infected’, even though the real reason for the notification is your infected router.
To ensure that your computer is clean, personally check your system’s DNS settings without depending upon a third-party website.
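One way to do the manual check described above, as an added example that is not a DCWG tool or part of the original article: save the output of `ipconfig /all` (Windows) or `scutil --dns` (macOS) and compare each listed resolver with a list of rogue ranges. The ranges and sample outputs below are constructed placeholders; substitute the rogue DNS ranges published by the DCWG.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not the real rogue
# ranges: replace them with the list published by the DCWG.
SUSPECT_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of `ipconfig /all` output (Windows).
WINDOWS_SAMPLE = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# Constructed sample of `scutil --dns` output (macOS).
MAC_SAMPLE = """\
resolver #1
  nameserver[0] : 198.51.100.10
  nameserver[1] : 192.168.1.1
"""

def extract_dns_servers(text):
    """Return the IPv4 resolvers listed in ipconfig, scutil or resolv.conf text."""
    servers, in_win_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower().startswith("dns servers"):
            in_win_block = True        # Windows: more servers may follow on bare lines
        elif not (in_win_block and s and ":" not in s):
            in_win_block = False       # a labelled or blank line ends the Windows list
            if not s.lower().startswith("nameserver"):
                continue               # not a macOS/resolv.conf resolver line either
        for token in IPV4.findall(s):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:         # e.g. 999.1.1.1 matches the regex but is invalid
                continue
            if ip not in servers:
                servers.append(ip)
    return servers

def flag_suspect(servers, ranges=SUSPECT_RANGES):
    """Return (resolver, range) pairs for resolvers that fall inside a listed range."""
    return [(str(ip), str(net)) for ip in servers for net in ranges if ip in net]

if __name__ == "__main__":
    for name, sample in (("Windows", WINDOWS_SAMPLE), ("macOS", MAC_SAMPLE)):
        print(name, flag_suspect(extract_dns_servers(sample)))
```

A resolver that is simply your router's own address (such as 192.168.1.1 in the constructed macOS sample) only forwards queries, so the DNS servers configured on the router itself need the same comparison.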
DNSChanger Removal For Infected Computers
If you have found that your computer runs DNSChanger malware, the DCWG has conveniently listed free removal tools from major computer security companies including Kaspersky, McAfee, MacScan, Symantec and Trend Micro, as well as a Microsoft tool.
Keep in mind that you have to back up personal files prior to running a particular tool. The DNSChanger Working Group highly recommends that infected users purchase or switch to a new PC if plans to upgrade their system are already in place. If this is too hefty for you, consider buying a new hard drive instead.
Alternatively, the safest bet for those who want to stick with their PCs is to back up files, reformat the hard drive and install the operating system all over again.
If the router was the culprit, seek assistance from your Internet Service Provider.
Fortunately, DNSChanger infections are not as widespread as they were earlier this year, especially when the malware’s victims included 50 percent of all Fortune 500 companies.
Did you check yours already? How did you do it? Share your ideas and experience in the comments section below.