Friday, 6 July 2012

Big Trouble - DNSChanger: How to find it and how to fix it



Next Monday hundreds of thousands of people could lose Internet access, if their computers are infected with malicious software from 2007.
The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.
But people around the world may still lose their Internet service unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.
Users whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.
The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.
In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.
But that temporary system will be shut down at 12:01 a.m. EDT Monday (0401 GMT), July 9.
The FBI released this statement in March to clarify why the servers were going down:
"To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time."
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.


What can you do now?


To finding out whether you’re infected is a simple matter of visiting a checking site. Go to dns-ok.us in your browser, and if the background is green then your computer’s DNS settings are good. If it’s red, however, then you will need to go through some clean-up steps.
There’s a list of tools here, each of which should get your computer up and running properly again. Microsoft has one such tool, as do the main anti-virus vendors such as McAfee and Norton. It’s a good idea to do a backup of files and personal data beforehand, just in case, but the process should – now that the workings of DNSChanger are broadly understood – be simple.



No comments:

Post a Comment