The DNSChanger malware has been around for years, but its harmful effects are coming to a head this Monday.
DNSChanger is a Trojan horse malware with many variants. It changes an infected computer’s DNS settings to point to rogue, bad guy-controlled servers. These then show you ads that look real, but aren’t. Basically, it redirects your legitimate Web surfing to malicious Web sites that then attempt to steal personal information and generate illegitimate ad revenue.
DNSChanger changes your Domain Name System settings without your permission. This is bad because DNS is basically the Internet’s phone book crossed with a map. DNS links a domain name, such as hightechtexan.com, to an IP address. DNSChanger changes that and redirects search results and URLs to malicious sites that are designed either to serve you ads or to illegitimately collect your login information.
The malware was very effective and infected hundreds of thousands of computers. Prior to the bad guys being arrested, the FBI and the German Federal Office for Information Security created a redirect of the redirect, so that many people infected by DNSChanger would still go to the legitimate Web sites that they intended to visit. The two governments agreed to keep the rogue DNS servers running until March. Then they learned that there were still around 450,000 active DNSChanger infections, and so the servers got a reprieve until Monday, July 9.
To check whether your computer is safe from this malware, go to dns-ok.us. If you see an image with a green background, you’re clean. A red background means you’re infected. If you’re infected, here is a list of free tools to download and instructions on how to clean a computer infected with DNSChanger.
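The same check can be made locally by comparing a machine's configured DNS resolvers against the published rogue ranges. The sketch below is an added example, not part of the original article: it assumes a Unix-style resolv.conf, the function names are hypothetical, the sample file is constructed, and the ranges are placeholder documentation networks that must be replaced with the ranges from the official DNSChanger advisory.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# ranges: substitute the ranges listed in the official DNSChanger advisory.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample: a resolv.conf where one resolver entry has been altered.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.test
nameserver 198.51.100.7   # altered entry
nameserver 10.0.0.1
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return (valid_addresses, unparseable_entries) from resolv.conf text."""
    valid, bad = [], []
    for line in text.splitlines():
        # Strip comments, then keep only "nameserver <address>" lines.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        raw = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            valid.append(ipaddress.ip_address(raw))
        except ValueError:
            # A malformed resolver entry is worth reporting, not ignoring.
            bad.append(fields[1])
    return valid, bad

def find_rogue_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Return (resolvers inside a rogue range, unparseable entries)."""
    valid, bad = parse_nameservers(text)
    hits = [str(a) for a in valid if any(a in net for net in rogue_ranges)]
    return hits, bad

if __name__ == "__main__":
    hits, bad = find_rogue_resolvers(SAMPLE_RESOLV_CONF)
    for addr in hits:
        print(f"resolver {addr} is inside a listed rogue range")
    for entry in bad:
        print(f"resolver entry {entry!r} is not a valid IP address")
    if not hits and not bad:
        print("no configured resolver matches the listed ranges")
```

A clean result here covers only the computer's own settings; a home router that hands out DNS servers over DHCP has to be checked separately.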