DNSChanger Malware or FBI Announcement on DNSChanger Malware

What is DNS?
  1. DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet Protocol (IP) addresses that computers use to talk to each other. When you request a Web site in your Internet browser, such as www.fbi.gov or www.google.com, your computer first contacts the DNS servers. The DNS servers look up the IP address of the requested Web site and return it, and your computer then uses that address to load the site.
How are customers affected by DNSChanger Malware?
  1. Criminals have learned that if they can control the DNS servers, they can control what sites you connect to on the Internet. By controlling DNS, a criminal can get you to connect to a fraudulent Web site without suspecting it, or interfere with your online Web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNSChanger. In this scenario, the criminal uses the malware to change the user’s DNS server settings, replacing the ISP’s good DNS servers with bad DNS servers operated by the criminal. A bad DNS server operated by a criminal is referred to as a rogue DNS server.
What does DNSChanger do to customer’s computer?
  1. DNSChanger malware causes a computer to use rogue DNS servers in one of two ways:
  • First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal.
  • Second, it attempts to access devices on the victim’s small office or home office (SOHO) network that run a Dynamic Host Configuration Protocol (DHCP) server (e.g., a router or a home gateway).

The malware attempts to access these devices using common default user names and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to the rogue DNS servers. This change may affect all computers on the SOHO network, even if those computers are not infected with the malware.

What is FBI’s announcement about?
  1. The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it. The FBI is also undertaking an effort to identify and notify victims who are affected by the DNSChanger malware. One consequence of disabling the rogue DNS network is that victims who rely on it for DNS service can lose access to DNS services, and with it their Internet access. Computers infected with this malware may also be infected with other malware. To assist the DNSChanger malware victims, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy clean DNS servers temporarily. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and DNSChanger-infected computers may lose Internet connectivity at that time. The replacement servers cannot remove the DNSChanger malware, or other viruses it may have facilitated, from the infected computers. Customers who believe their computers may be infected should run Norton Power Eraser.
How to check for DNSChanger infection on a computer?
  1. To check that the DNS settings on the computer are not set to contact rogue DNS servers, go to http://www.dns-ok.us/
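
A local version of this check, covering both infection paths described above, is sketched here as an added example (it is not part of the original article and not an FBI or Norton tool). The networks in `ROGUE_RANGES` are placeholder documentation ranges, not the real DNSChanger ranges, which this article does not list; the function names and the sample `ipconfig /all` text are constructed for illustration.

```python
import ipaddress
import re

# Placeholder networks (RFC 5737 documentation ranges), NOT the real rogue
# DNSChanger ranges: substitute the ranges published for the takedown.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# RFC 1918 space: a resolver here is usually the SOHO router handing out DNS via DHCP.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def resolvers_from_ipconfig(text):
    """Extract DNS server IPv4 addresses from `ipconfig /all`-style text,
    including the indented continuation lines that list extra servers."""
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns, line = True, line.split(":", 1)[-1]
        elif ":" in line or not line.strip():
            in_dns = False  # any other "label : value" line ends the DNS list
        if in_dns:
            found.extend(IPV4.findall(line))
    return found

def audit(resolvers):
    """Classify each resolver: 'rogue', 'check-router', 'other' or 'invalid'."""
    verdicts = {}
    for r in resolvers:
        try:
            ip = ipaddress.ip_address(r)
        except ValueError:
            verdicts[r] = "invalid"
        else:
            if any(ip in net for net in ROGUE_RANGES):
                verdicts[r] = "rogue"
            elif any(ip in net for net in LAN_RANGES):
                # Host forwards to the router, so the router's own DNS setting needs checking too.
                verdicts[r] = "check-router"
            else:
                verdicts[r] = "other"
    return verdicts

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.17
                                       192.168.1.1
                                       203.0.113.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
```

A `check-router` verdict means the computer's own settings look clean but say nothing about the router, which is the device the second infection path targets.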
How can a customer restore to a clean DNS server?
  1. Customers can use the Norton ConnectSafe service to configure their computer with a clean DNS server, or contact their ISP.


Kuttus is an IT professional and a part-time blogger. He started 123seminarsonly to write up findings from his daily work life. Kuttus writes articles that are mostly related to technology and virus removal. He is interested in virus and malware removal, and has been working as a remote virus removal technician for the last 7 years.
