You probably have not heard of DNSChanger malware. If this is true, you probably have less than 48 hours to learn what it's about and how it could affect you. Come to think of it, we know what it could do to you: it could keep you off the Internet from the 9th of July onwards. You will experience firsthand what the death of the Internet feels like.
We hope we got your attention already because time is of the essence. Let’s cover the basics real quick.
About DNSChanger Malware
DNSChanger is malware discovered in 2007 that went on to infect millions of computer systems worldwide. It was released by cybercriminals to take control of your web server. The malware intercepts websites visited by your web browser and redirects you to other sites they have prepared, so that you use the server under their control. Once you are infected, you are set to use only their server every time you go online. This DNS server alters every user's searches, giving fake and malicious answers as well as promoting fake and dangerous products. It shows users an altered version of the Internet.
The main purpose of this server is to let them easily push web ads to you, earning themselves millions of dollars. You can still surf the Internet like normal as long as the server keeps running.
Why You Should Remove DNSChanger Malware
When the FBI and the Estonian Police seized these controlled servers some time in 2011, they cleaned up all the criminal operations; however, the servers were kept running to serve all infected systems. If they had shut the servers down, the web activities of these infected systems would have been disrupted. This means that if your system is one of the infected ones, you would no longer be able to go online.
Since the seizure, a special group called the DNSChanger Working Group (DCWG) has been assigned to maintain the servers, but as it was a costly operation to maintain, a final decision was made to turn these DNS servers off.
This will happen on July 9th 2012.
Earlier this year, it was said that about 450,000 computer systems were still infected, but this has now been reduced to about 277,000. Once these servers stop operating, if your system is among the 277,000 infected, you will not be able to go online after 9th July – unless you remember the IP address of every website you want to visit.
How to find out if your system is infected
Firstly, you must find out if your system is among the 277,000 systems that are still affected. Since May 2012, Google has taken the initiative to inform you if it finds the DNSChanger malware on your system, by giving you an alert on its website. When you see the alert, click on the link ‘Learn how to remove this software’ and Google will guide you through the steps to remove the malware.
If you don’t see the warning on Google’s site, you can also visit DCWG’s official website to find out if your system is one of the victims, and if it is, follow the guide to removing it.
Alternatively, you can also visit these ‘Are you infected’ sites to quickly find out if your systems are infected (English websites).
There are also many other ‘Are you infected’ sites available in many languages; you can check here.
How to remove DNSChanger Malware
If you have been affected by the DNSChanger malware, you need to fix your computer system. The only fix researchers suggest is to reformat your hard drive and reinstall the operating system from scratch. Reverting your OS to a prior backup is not enough since the malware will be able to reclaim your system.
As suggested by DCWG, there are a few steps to follow if you are infected:
- Back up all your important files.
- Follow the self-help guide provided with the ‘free tools’ in the list below.
- Once your computer is clean, follow the instructions to ensure your DNS settings are correct.
- After fixing your computer, make sure your router (if you are using one) uses the DNS settings provided by your ISP.
- Changing DNS is only one of the functions of the malware kit. The malware could have captured some of your important information, so it is a good idea to check your bank statements and credit reports, and to take the precaution of changing your passwords on any online accounts.
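One way to carry out the DNS-settings check from the steps above on a Linux or macOS system, shown as an added example that is not part of the original article or the DCWG guides. The function names are hypothetical, the resolv.conf sample is constructed, and `ROGUE_RANGES` holds placeholder documentation networks that must be replaced with the rogue DNS ranges published by the DCWG or FBI.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Replace them with the rogue DNS ranges published by the DCWG / FBI.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf file on an affected machine.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient
search home.example
nameserver 192.0.2.53      # inside a placeholder "rogue" range
nameserver 203.0.113.10
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver entries of a resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, isp_resolvers=()):
    """Classify each configured resolver as rogue, expected, unknown or invalid."""
    expected = {ipaddress.ip_address(a) for a in isp_resolvers}
    report = {}
    for entry in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            report[entry] = "invalid"      # malformed entry, worth a manual look
            continue
        if any(addr in net for net in ROGUE_RANGES):
            report[entry] = "rogue"        # resolver sits in a listed rogue range
        elif addr in expected:
            report[entry] = "expected"     # matches what the ISP hands out
        else:
            report[entry] = "unknown"      # not rogue, but not the ISP's either
    return report

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, ["203.0.113.10"]).items():
        print(f"{server:15} {verdict}")
```

Run the same audit against the DNS servers shown on your router's status page, since the steps above also require the router to use the ISP's settings.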
There are a number of free tools with self-help guides available to help you remove DNSChanger and related threats:
- Hitman Pro (32bit and 64 bit versions)
- Kaspersky Labs TDSSKiller
- Microsoft Windows Defender Offline
- Microsoft Safety Scanner
- Norton Power Eraser
- Trend Micro Housecall
How to protect yourself
To learn how to protect yourself from malware infections, check out the following web references, which guide you in protecting yourself from DNSChanger and many other kinds of malware.
- APWG CMU-CyLab Anti-Phishing Education Landing Page Program
- FBI’s How To Protect Your Computer
- Microsoft’s Understanding Security And Safer Computing
- CERT Coordination Center Home Network Security
If you are part of the group who cannot live without the Internet, you should act now, or prepare to say goodbye to the Internet. Again, to find out if you are infected, start here.