How FBI DNS Changer Shutdown Might Break Your Internet and What To Do About It

Ads by Google

dns changerFBI actions mean 350,000 computers – all infected with the “DNSchanger” malware – will be cut off from the Internet on July 9, 2012. Does this sound like science fiction at best or a scam at worst? Well, it’s neither. Keep reading to hear the crazy story behind the FBI and the DNSChanger trojan, and what you can do to make sure your Internet will keep working.

Once upon a time, a particularly nasty trojan, known as DNS Changer, began spreading around the Internet. This trojan didn’t just infect computers and spread itself: it changed the very way these computers connect to the Internet. This trojan forcibly changed the DNS settings on computers, re-directing certain domains to fraudulent sites.

Wait a Second…What Is DNS?

Good question. To answer this, I’ve got an unusual request to make of you. Open a new tab, and type these numbers where you’d usually type the address: “74.125.224.72”. Hit enter and you’ll see the Google homepage.

dns changer

There’s no foul play here – 74.125.224.72 is one of Google’s many IP addresses. An IP address is a number assigned to a server; every website you visit has one. Every time you type a web address, like “Google.com”, and hit enter, a computer somewhere is translating that address into an IP address. These computers are called DNS servers, and they’re the reason the Internet works the way you expect it to.

Your Internet provider connects you with certain DNS servers by default. Some geeks like to use custom DNS servers, such as OpenDNS or Google DNS. There’s nothing wrong with using these services, and – depending on your Internet provider – they may even speed up your Internet connection.

Ads by Google

Computer viruses can change these settings too, though obviously speeding up your Internet connection isn’t their priority.

What DNSchanger Did

DNSchanger, as its name implies, changed the DNS servers used by infected computers. It affects both Windows and Mac computers, and is even known to change the settings on routers (if the default administrator password is unchanged).

Why do criminals bother with this? The FBI explains:

“Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an
unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing.”

Basically, criminals were using evil DNS servers to redirect people from the sites they want to fraudulent sites, all in the name of making a couple bucks.

But don’t panic. The FBI got involved, and ultimately shut down the evil DNS servers. One problem though was that every infected computer depended on the evil DNS servers to connect to the Internet, meaning that completely shutting down these servers would cut off the then millions of infected computers from the Internet.

Instead of doing that, the FBI hired contractors to run friendly DNS servers. This meant the evil DNS servers could be shut down without cutting people off from the Internet, but it also left the FBI paying to run a DNS server for millions of people. This isn’t cheap.

The number of people still infected has since gone down – the official estimate is around 350,000 people. Even so, the FBI cannot afford to run these friendly DNS servers forever – so they’re stopping on July 9, 2012. That is why those with the trojan will find their Internet no longer working in July.

Am I Infected?

Naturally, after reading that, you’re curious to find out whether or not you’re infected. The quickest way to see if your computer is infected with the DNS Changer trojan is to visit this site. If you see red, you’ve got the virus. If you see green, you’re (probably) okay.

dns changer malware

There are more things you can do to check; the FBI can help with that. Follow the instructions provided there to figure out whether your DNS servers are good or evil.

How Can I Remove The Trojan?

dns changer

Did you find out you’ve got a trojan? Don’t panic! This malware is relatively old, and we’ve outlined more than a few free anti-virus programs that can help.

If you don’t have anti-malware software, I recommend Microsoft Security Essentials. It also doesn’t hurt to have the free version of Malwarebytes around for the occasional scan. Run scans with both programs and you should be fine, so run the above test again.

If neither of these programs will update, you might consider trying the BitDefender Live CD. It runs from its own operating system, and can usually get around DNS issues in your operating system.

Conclusion

I’d like to thank the great community at MakeUseOf Answers for pointing this story out to me, and helping to gather relevant information. Do you want more information? Be sure to read this official FBI release on the virus, which contains instructions for removing the DNS Changer virus and the history of it. If all else fails, that document can guide you through the removal process.

Of course, I also recommend checking out the comments below, because I’m sure the MakeUseOf community will pitch in with a few more tips.

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Awesome Websites
Awesome Websites
132 Members
Deep Web Communities
Deep Web Communities
80 Members
Best Anonymity Tools
Best Anonymity Tools
73 Members
Best Music Services
Best Music Services
43 Members
Online Security Tips
Online Security Tips
41 Members
Web for Kids
Web for Kids
32 Members
Windows Firewalls & Antivirus
Windows Firewalls & Antivirus
19 Members
Ads by Google
Comments (35)
  • gj

    great,simple & 2 the point,as well as BRIEF,with all necesary info.THANKU

  • Andrea

    hi Justin,

    from here I can say: for me, this warning doesn’t bother me…My machines are clean, checked and upgraded, so that this threat doesn’t hit me. I do have internet-access and I will have it tomorrow.

    The one reason is, that two of my machines are Linux-machines, which can be hit so easily and the other Windows-machine is secured, so that this one also can be hit…. And this evening, I also checked the machines of my family and they are also clean, upgraded and secure..

    So no reason to bother here…

    Greetings from Germany
    Andrea

  • Daniel

    If you’re using Windows, try doing a scan with Malwarebytes http://www.malwarebytes.org, also check out http://www.opendns.com/ You can use their DNS servers for hostname to ip address resolution.

  • Spirit

    You should list Superantispyware and Avast too

    Specifically Superantispyware

    http://www.superantispyware.com/

    Source – 16years of Software IT (I own a computer company that fix’s and builds pcs)

  • 7h3 d00d

    This article wasn’t that interesting to me, but as always on issues like this the comments are interesting.
    I see some of the people commenting ranting about this article being written in a way that makes the author seem like a retard, and yes this has been “dumbed down”.
    But that is exactly what it has been. In order for most of the people affected by this, stuff like this isn’t something they’re use to dealing with, and they need it explained in a way that the more computer savvy people may find stupid. But that doesn’t mean that these people are stupid or the author is stupid. Actually it takes a person who knows what he is talking about (and some people skills) to explain this in a way that they might understand.

    And then there was “security”, Ranting about Linux. Yes Linux is awesome, and yes it isn’t as much a target for malicious software and exploits. But that doesn’t mean that it isn’t at all. Even though you run Linux you should still be aware and probably use some sort of Firewall and/or AV-software. And yes the are a lot of great things about Linux. But there are some good things about Windows too. Like the fact that you can actually share and use your files with colleagues at work who doesn’t run Linux. And most of them doesn’t. Yes it would be lovely if you could just stick with Linux. But you can’t. I HAVE to use Windows because otherwise i can’t do my work with people do to format incompatibility.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.