DNSChanger Malware – Is Your Computer One Of Over 10,000 Affected?
Could your computer or networking equipment be one of more than 10,000 that are still affected by the “DNSChanger” malware from last year?
Let me first explain what DNS is, and then explain this amazing situation – which has left the FBI holding the bag, and over 10,000 users in Australia and New Zealand potentially in the lurch, with no access to the Internet after July 9 2012.
What is DNS? A crash course!
Think of DNS like a big telephone directory service! It does all the hard work, so as humans, we only need to remember words (domain names) instead of numbers (IP addresses).
Furthermore, in order for your computer to use DNS to help you find the website you want, it needs to be configured to connect with trusted DNS servers – and these are usually configured automatically by your Internet provider or company network.
So what happens when your computer is configured to use a malicious or untrusted DNS server?
In this scenario, for example, you might type “www.google.com” into your web browser and instead of connecting to Google, your computer could connect to somewhere completely different – to a computer pretending to be Google!
As you now may appreciate, the effectiveness and ramifications of this type of attack can be astounding; Internet banking sites and other previously trusted websites could be faked, right down to the address in the browser bar (which we have been previously telling you to always check!)
DNSChanger & the FBI
And so in 2011, a nasty thing called “DNSChanger” entered the malware history books forever. It was masterminded by some sneaky cyber crooks who set about infecting thousands of machines worldwide with malware that specifically changed the DNS settings on computers. Both PC and Mac were affected, as well as some home routers and firewalls.
In November 2011, the FBI announced they had seized control of a vast network of dodgy DNS servers in the US and abroad – and these were connected to a well-known Trojan malware, circulating at the time, that was changing DNS settings.
Shortly after this, the cybercriminals, much like cockroaches, scattered themselves into dark places nowhere to be seen, leaving the poor FBI in control of these dodgy DNS servers (that were now relied upon by all the infected computers around the world to go about their daily web surfing!)
So how many computers are we talking about? Well, in February 2012, there were reportedly over 430,000 computers affected worldwide – and in Australia, there are known to be over 10,000. In New Zealand, we expect it is in the thousands.
In an ironic twist of fate, the FBI have, by default, become one of the biggest DNS hosting providers in the world – but it isn’t a title they want, and the issue is, how do they undo this situation?
Well, initially these dodgy DNS servers were going to be shut off on March 8, but that deadline has since been extended to July 9 2012. After this date, if your computer or network equipment is infected, you may not be able to access the Internet.
How to check if your computer is affected by DNSChanger malware
Here’s the good news: The Australian Communications and Media Authority (ACMA) recently launched a very simple website that enables you to check if the computer you’re using is relying on the DNSChanger DNS servers.
You can visit the site at: http://dns-ok.gov.au
If the site warns that you are affected by this issue, follow the instructions provided on-screen – or if you are an existing commercial AVG user, get in contact with us for support and we will gladly assist.
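The same check can also be made locally, by comparing the DNS servers a machine is configured to use against a list of known rogue ranges. The sketch below is an added example, not code from this post or from the ACMA site: the function names are hypothetical, the resolv.conf-style sample is constructed, and the rogue ranges are documentation placeholders rather than the real DNSChanger ranges. Because home routers were affected too, a resolver on a private address is flagged so the router's own DNS setting gets checked.

```python
import ipaddress
import re

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real
# DNSChanger ranges: substitute the list published by the authorities.
ROGUE_RANGES = _nets("192.0.2.0/24", "198.51.100.0/25")
# Resolvers on these networks are a home router or a local stub that forwards
# queries elsewhere, so the upstream DNS setting lives on that device.
LOCAL_RANGES = _nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")

def parse_nameservers(text):
    """Extract resolver IPs from resolv.conf-style text, ignoring comments and junk."""
    servers = []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0]  # drop comments
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            servers.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed entry: skip rather than crash
    return servers

def classify(server):
    """Return 'rogue', 'check-router' or 'not-listed' for one resolver address."""
    if any(server in net for net in ROGUE_RANGES):
        return "rogue"
    if any(server in net for net in LOCAL_RANGES):
        return "check-router"
    return "not-listed"

def audit(text):
    """Map each configured resolver to its verdict."""
    return {str(s): classify(s) for s in parse_nameservers(text)}

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# home network
nameserver 192.0.2.53
nameserver 192.168.1.1   ; router
nameserver 198.51.100.200
nameserver not-an-ip
"""

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE).items():
        print(f"{ip:16} {verdict}")
```

A "not-listed" verdict only means the address is outside the ranges supplied; it says nothing about whether that resolver is trustworthy.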
Until next time, stay safe out there!