FBI actions mean 350,000 computers – all infected with the “DNSChanger” malware – will be cut off from the Internet on July 9, 2012. Does this sound like science fiction at best or a scam at worst? Well, it’s neither. Keep reading to hear the crazy story behind the FBI and the DNSChanger trojan, and what you can do to make sure your Internet will keep working.
Once upon a time, a particularly nasty trojan, known as DNSChanger, began spreading around the Internet. It didn’t just infect computers and spread itself: it changed the very way those computers connect to the Internet, by forcibly rewriting their DNS settings so that certain domains were redirected to fraudulent sites.
Wait a Second…What Is DNS?
Good question. To answer this, I’ve got an unusual request to make of you. Open a new tab, and type these numbers where you’d usually type the address: “188.8.131.52”. Hit enter and you’ll see the Google homepage.
There’s no foul play here – 184.108.40.206 is one of Google’s many IP addresses. An IP address is a number assigned to a server; every website you visit has one. Every time you type a web address, like “Google.com”, and hit enter, a computer somewhere is translating that address into an IP address. These computers are called DNS servers, and they’re the reason the Internet works the way you expect it to.
Your Internet provider connects you with certain DNS servers by default. Some geeks like to use custom DNS servers, such as OpenDNS or Google DNS. There’s nothing wrong with using these services, and – depending on your Internet provider – they may even speed up your Internet connection.
Computer viruses can change these settings too, though obviously speeding up your Internet connection isn’t their priority.
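To make that translation step concrete, here is a small Python example added for this article (it is not part of the original post): it builds the query your computer sends when you type a name, and parses the answer a DNS server sends back. The sample response is constructed by hand, and 203.0.113.10 is a placeholder from the documentation address range, not one of Google’s real addresses. The thing to notice is that the client simply trusts whatever address comes back, which is exactly why controlling the DNS server is so valuable to a criminal.

```python
import ipaddress
import struct

# Added example, not from the article: a minimal DNS wire-format builder/parser,
# enough to show what the "translation" from a name to an IP address looks like.
# The sample response below is constructed by hand; 203.0.113.10 is a placeholder
# from the RFC 5737 documentation range, not one of Google's real addresses.

def encode_name(name: str) -> bytes:
    """Encode 'google.com' as DNS labels: \\x06google\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard A-record query: 12-byte header + question section."""
    # ID, flags (RD=1: please recurse), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def decode_name(data: bytes, offset: int):
    """Read a (possibly compressed) name; return (name, offset after the field)."""
    labels = []
    end = None               # where the name field ends in the *current* record
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(data: bytes):
    """Return (transaction id, [(name, ipv4, ttl), ...]) for the A answers."""
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):                          # skip the echoed question(s)
        _, offset = decode_name(data, offset)
        offset += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            answers.append((name, str(ipaddress.IPv4Address(rdata)), ttl))
    return txid, answers

# Constructed sample: what a resolver would send back for the query above.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # response, RD+RA, 1 question, 1 answer
    + encode_name("google.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c"                                        # name pointer back to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)                 # A, IN, TTL 300, 4 bytes of data
    + bytes([203, 0, 113, 10])                           # placeholder address
)

if __name__ == "__main__":
    print(build_query("google.com").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

Sent over UDP port 53 to a resolver, the query bytes are all your computer needs; the answer tells it where to connect, and nothing in the message proves the answer is honest.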
What DNSchanger Did
DNSChanger, as its name implies, changed the DNS servers used by infected computers. It affected both Windows and Mac computers, and was even known to change the settings on routers (if the default administrator password had not been changed).
Why do criminals bother with this? The FBI explains:
“Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing.”
Basically, criminals were using evil DNS servers to redirect people from the sites they want to fraudulent sites, all in the name of making a couple bucks.
But don’t panic. The FBI got involved, and ultimately shut down the evil DNS servers. One problem, though, was that every infected computer depended on the evil DNS servers to connect to the Internet, meaning that completely shutting down these servers would cut the millions of computers infected at the time off from the Internet.
Instead of doing that, the FBI hired contractors to run friendly DNS servers. This meant the evil DNS servers could be shut down without cutting people off from the Internet, but it also left the FBI paying to run a DNS server for millions of people. This isn’t cheap.
The number of people still infected has since gone down – the official estimate is around 350,000 people. Even so, the FBI cannot afford to run these friendly DNS servers forever – so they’re stopping on July 9, 2012. That is why those with the trojan will find their Internet no longer working in July.
Am I Infected?
Naturally, after reading that, you’re curious to find out whether or not you’re infected. The quickest way to see if your computer is infected with the DNSChanger trojan is to visit this site. If you see red, you’ve got the virus. If you see green, you’re (probably) okay.
There are more things you can do to check; the FBI can help with that. Follow the instructions provided there to figure out whether your DNS servers are good or evil.
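The manual check comes down to one question: which DNS servers is your machine configured to use, and are any of them in the ranges the FBI published? The Python script below is an example added for this article, not a tool from the FBI or from MakeUseOf. It reads resolver settings in the format of a Linux or Mac /etc/resolv.conf (on Windows, `ipconfig /all` shows the same addresses) and labels each server. The FBI notice lists the real rogue address ranges; this article does not reproduce them, so the script uses two documentation ranges as clearly marked placeholders that you would replace with the published list. The sample configuration is constructed for the demonstration.

```python
import ipaddress

# Added example, not from the article. The real rogue resolver ranges are listed in
# the FBI notice the article links to; they are not reproduced here, so two RFC 5737
# documentation networks stand in as placeholders. Replace them with the published list.
ROGUE_RANGES_PLACEHOLDER = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Public resolvers the article mentions as legitimate alternatives.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google DNS",
    "8.8.4.4": "Google DNS",
    "2001:4860:4860::8888": "Google DNS",
    "2001:4860:4860::8844": "Google DNS",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}

def parse_resolv_conf(text: str):
    """Pull the configured servers out of resolv.conf-style text (nameserver lines)."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass                                 # ignore malformed entries
    return servers

def classify(server, rogue_ranges=ROGUE_RANGES_PLACEHOLDER) -> str:
    """Label one resolver address: ROGUE, PUBLIC:<name>, LOCAL or UNKNOWN."""
    if any(server in net for net in rogue_ranges):
        return "ROGUE"
    if str(server) in KNOWN_PUBLIC_RESOLVERS:
        return "PUBLIC:" + KNOWN_PUBLIC_RESOLVERS[str(server)]
    if server.is_loopback or server.is_private:
        # A home router or local stub resolver: the router's *own* upstream
        # servers must be checked too, since the trojan also rewrote those.
        return "LOCAL"
    return "UNKNOWN"    # most likely the ISP's resolver; compare with the provider's list

def audit(text: str, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """Return [(address, label), ...] for every configured resolver."""
    return [(str(s), classify(s, rogue_ranges)) for s in parse_resolv_conf(text)]

def looks_infected(text: str, rogue_ranges=ROGUE_RANGES_PLACEHOLDER) -> bool:
    """True if any configured resolver falls inside a rogue range."""
    return any(label == "ROGUE" for _, label in audit(text, rogue_ranges))

# Constructed sample resolver configuration (not taken from any real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.168.1.1          # home router
nameserver 8.8.8.8              # Google DNS
nameserver 192.0.2.45           # falls inside the placeholder rogue range
nameserver 2001:4860:4860::8888 # Google DNS over IPv6
nameserver not-an-address       # malformed, ignored
"""

if __name__ == "__main__":
    for address, label in audit(SAMPLE_RESOLV_CONF):
        print(f"{address:28} {label}")
    print("infected:", looks_infected(SAMPLE_RESOLV_CONF))
```

A result of LOCAL is not a clean bill of health: if your computer points at your router, the router’s own upstream DNS servers are what actually matter, so log in to the router and run the same comparison on the addresses it shows.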
How Can I Remove The Trojan?
Did you find out you’ve got a trojan? Don’t panic! This malware is relatively old, and we’ve outlined more than a few free anti-virus programs that can help.
If you don’t have anti-malware software, I recommend Microsoft Security Essentials. It also doesn’t hurt to have the free version of Malwarebytes around for the occasional scan. Run scans with both programs and you should be fine; then run the above test again to confirm the infection is gone.
If neither of these programs will update, you might consider trying the BitDefender Live CD. It boots its own operating system, so it can usually get around the DNS problems in the operating system installed on your computer.
I’d like to thank the great community at MakeUseOf Answers for pointing this story out to me, and helping to gather relevant information. Do you want more information? Be sure to read this official FBI release on the virus, which contains instructions for removing the DNS Changer virus and the history of it. If all else fails, that document can guide you through the removal process.
Of course, I also recommend checking out the comments below, because I’m sure the MakeUseOf community will pitch in with a few more tips.