How FBI DNS Changer Shutdown Might Break Your Internet and What To Do About It

FBI actions mean 350,000 computers – all infected with the “DNSchanger” malware – will be cut off from the Internet on July 9, 2012. Does this sound like science fiction at best or a scam at worst? Well, it’s neither. Keep reading to hear the crazy story behind the FBI and the DNSChanger trojan, and what you can do to make sure your Internet will keep working.

Once upon a time, a particularly nasty trojan, known as DNS Changer, began spreading around the Internet. This trojan didn’t just infect computers and spread itself: it changed the very way these computers connect to the Internet. This trojan forcibly changed the DNS settings on computers, re-directing certain domains to fraudulent sites.

Wait a Second…What Is DNS?

Good question. To answer this, I’ve got an unusual request to make of you. Open a new tab, and type these numbers where you’d usually type the address: “74.125.224.72”. Hit enter and you’ll see the Google homepage.

There’s no foul play here – 74.125.224.72 is one of Google’s many IP addresses. An IP address is a number assigned to a server; every website you visit has one. Every time you type a web address, like “Google.com”, and hit enter, a computer somewhere is translating that address into an IP address. These computers are called DNS servers, and they’re the reason the Internet works the way you expect it to.

Your Internet provider connects you with certain DNS servers by default. Some geeks like to use custom DNS servers, such as OpenDNS or Google DNS. There’s nothing wrong with using these services, and – depending on your Internet provider – they may even speed up your Internet connection.

Computer viruses can change these settings too, though obviously speeding up your Internet connection isn’t their priority.

What DNSchanger Did

DNSchanger, as its name implies, changed the DNS servers used by infected computers. It affects both Windows and Mac computers, and is even known to change the settings on routers (if the default administrator password is unchanged).

Why do criminals bother with this? The FBI explains:

“Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing.”

Basically, criminals were using evil DNS servers to redirect people from the sites they want to fraudulent sites, all in the name of making a couple bucks.

But don’t panic. The FBI got involved, and ultimately shut down the evil DNS servers. One problem though was that every infected computer depended on the evil DNS servers to connect to the Internet, meaning that completely shutting down these servers would cut off the then millions of infected computers from the Internet.

Instead of doing that, the FBI hired contractors to run friendly DNS servers. This meant the evil DNS servers could be shut down without cutting people off from the Internet, but it also left the FBI paying to run a DNS server for millions of people. This isn’t cheap.

The number of people still infected has since gone down – the official estimate is around 350,000 people. Even so, the FBI cannot afford to run these friendly DNS servers forever – so they’re stopping on July 9, 2012. That is why those with the trojan will find their Internet no longer working in July.

Am I Infected?

Naturally, after reading that, you’re curious to find out whether or not you’re infected. The quickest way to see if your computer is infected with the DNS Changer trojan is to visit this site. If you see red, you’ve got the virus. If you see green, you’re (probably) okay.

There are more things you can do to check; the FBI can help with that. Follow the instructions provided there to figure out whether your DNS servers are good or evil.
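
The manual check boils down to reading your computer's DNS server list and comparing it against the rogue address ranges. Here is that comparison as an added Python example (not code from the FBI or from this article): the entries in `ROGUE_RANGES` are placeholder documentation networks that you would replace with the ranges from the FBI's instructions, the sample inputs are constructed, and only IPv4 is handled.

```python
import ipaddress
import re

# PLACEHOLDERS (RFC 5737 documentation networks): use the FBI-published ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LABEL = re.compile(r"\s:(?:\s|$)")  # the " : " that ends an ipconfig label

def resolvers_from_resolv_conf(text):
    """DNS servers from resolv.conf-style text (Linux, also present on Macs)."""
    found = []
    for line in text.splitlines():
        parts = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def resolvers_from_ipconfig(text):
    """IPv4 DNS servers from `ipconfig /all`; extras sit on unlabelled lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns, value = True, LABEL.split(line, maxsplit=1)[-1]
        elif in_dns and line.strip() and not LABEL.search(line):
            value = line               # continuation line: another server
        else:
            in_dns = False
            continue
        found.extend(IPV4.findall(value))
    return found

def classify(resolvers, rogue=ROGUE_RANGES):
    """Label each resolver 'rogue', 'private', 'other' or 'invalid'."""
    verdicts = {}
    for r in resolvers:
        try:
            ip = ipaddress.ip_address(r)
        except ValueError:
            verdicts[r] = "invalid"
            continue
        if any(ip in net for net in rogue):
            verdicts[r] = "rogue"      # inside a listed range
        elif ip.is_private:
            verdicts[r] = "private"    # your router: check its DNS settings too
        else:
            verdicts[r] = "other"
    return verdicts

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV = "# constructed\nnameserver 192.0.2.53\nnameserver 192.168.1.1\n"
SAMPLE_IPCONFIG = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print(classify(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

A "private" result means the computer is asking your router for DNS, so the router's own DNS settings need the same comparison.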

How Can I Remove The Trojan?

Did you find out you’ve got a trojan? Don’t panic! This malware is relatively old, and we’ve outlined more than a few free anti-virus programs that can help.

If you don’t have anti-malware software, I recommend Microsoft Security Essentials. It also doesn’t hurt to have the free version of Malwarebytes around for the occasional scan. Run scans with both programs and you should be fine. Then run the above test again.

If neither of these programs will update, you might consider trying the BitDefender Live CD. It runs from its own operating system, and can usually get around DNS issues in your operating system.

Conclusion

I’d like to thank the great community at MakeUseOf Answers for pointing this story out to me, and helping to gather relevant information. Do you want more information? Be sure to read this official FBI release on the virus, which contains instructions for removing the DNS Changer virus and the history of it. If all else fails, that document can guide you through the removal process.

Of course, I also recommend checking out the comments below, because I’m sure the MakeUseOf community will pitch in with a few more tips.

35 Comments -

0 votes

doorknob60

Good, people that aren’t smart enough to keep their computers safe and malware-free don’t deserve to be on the internet anyways :P And I don’t want our government paying money to keep these DNS servers up just because people weren’t careful, not like they have extra money to throw away…

0 votes

jarthur-sullivan

paranoid schizo

0 votes

MrG

I think it’s absolutely correct for the FBI to do this. If your machine is infected, it should be removed from the internet until it has been disinfected, simple as that. I don’t want that trojan misdirecting you to a site where you can get even more infected and then that infection going through your email address book sending infected attachments to my friends and relatives. Have some respect for other people.

Don’t be whining about how you didn’t know.
To make the car analogy, in the UK at least, the car is checked for general roadworthiness once a year and if something goes wrong with the car, you take it to a mechanic to get it fixed.
Anyone infected with this trojan, probably hasn’t taken any interest in their computer and its protection mechanisms. Probably took the 3 month free deal on AV when they bought it and then didn’t renew when the time came.

The world really needs to wisen up here. If you’re going to own a computer and even more so, use it to access the internet, you need an idea of what you’re doing. It’s just not good enough to say that you don’t understand.

If you’re too lazy to learn how to use a computer, at least take it to a professional once in a while to have it checked out. It’s not expensive and your computer will be in tip-top shape afterwards. Almost certainly more secure than when you first bought it.

So. You don’t HAVE to understand your computer, but you DO need to understand that it needs looking after and take responsibility for YOUR actions on the internet.

Either learn what you’re doing or stop being a pikey and get your computer looked at.

0 votes

Justin Pot

The FBI actually did all it could to keep infected computers on the Internet, and is only cutting them off because it can no longer afford to do so. So while I agree people should take keeping their computers clean more seriously, that isn’t why the FBI is doing this.

0 votes

Greg

That’s not fair, it’s not like this kind of stuff is obvious to non tech people.
That’s why companies like Dell install an anti virus already, since the customer won’t download one themselves.

0 votes

doorknob60

Yeah, I get that, but people really need to be more educated about these things these days. I’m not sure the best way of doing that, but I know back in the 90s, it seemed to me like people were much more knowledgeable about computers, but recently people are often careless and too lazy to learn how to take care of their computers.

All I ask is that people know not to click links from shady e-mails or download and run executables from unknown sites, it shouldn’t be that hard. That, and ensuring your Antivirus and OS is always up to date. That usually happens automatically, yet it seems like those programs are still out of date on most computers. Obviously, saying they shouldn’t be on the internet is an exaggeration, but people need to know the basics. We can’t let people drive on our roads without the proper skills to drive, this is different since it doesn’t affect the safety of our lives, but it affects the safety of our computers.

0 votes

G

Great article. I keep antivirus up to date but I ended up with this mess and went thru changes wiping my computer and reinstalling all software. A virus is just that, and will infect until an antivirus is created regardless of the color of your president or your particular computer IQ.

0 votes

Greg

So this doesn’t work on Linux computers? Yay!

0 votes

bmor

No, but it can affect the router your Linux computer is connected to.

0 votes

Justin Pot

bmor speaks truth! A friend visiting with a Windows or Mac computer may have changed the DNS settings on your router, so even Linux users may be vulnerable.

If your router uses the default username and password, you should change it and check your DNS settings, just to be safe.

0 votes

Doomus

What the blazing shit are you on about, boy? “Evil” DNS servers? FBI funded “Good” servers? Redirects to fake sites to “make a few bucks”? Have you totally lost the fucking plot? Jesus Christ is this what we’ve come to accept as an ‘expert opinion’?

We’re all doomed.

Even if the infantile and insulting simplicity of “Good” vs “Evil” wasn’t utterly fictitious, which errrrm….it IS, your grasp of the most basic concepts surrounding this issue quite clearly demonstrate that allowing you to even look at electricity is a direct violation of Health and Safety legislation.

1. The FBI, like all organisations, works within budgetary constraints. When allocating funds for operations to prevent criminal activity the estimated cost is offset against several key indicators. These are the projected loss to the state should the crime be allowed to occur including any litigation or compensation, potential loss of tax revenue, undesirable media requiring costly damage limitation, possible impact on future funding and loss on ongoing intelligence as known groups are replaced by others filling the vacuum. If the numbers don’t add up, it doesn’t happen. Law enforcement knows crime will never be stopped and indeed has no interest in attempting to do so as no crime = no job.

2. If you are redirected to a hijacked payment page and fooled into entering your details what happens then? How many times do you think this would happen before someone noticed? Then what? Once a virus is detected in the wild the key goes public and a definition is added to every AV app in the world. Your virus is now public domain, and worthless. Why would any criminal organisation want to launch any virus into the wild that is detected so fast and yields so little return?

3. A good virus is one that you never know you have. It doesn’t steal your credit card info, empty your bank accounts, rape your router, shag your wife, blat your hard drive, drink your beer and then hijack a plane and crash it into Menwith Hill. It doesn’t do anything.

Much.

Just a few little commands, an exploit here, a bit of machine level sleight of hand there, just enough to give the person or group distributing it low level control of your entire machine. Often it’s for anonymity, sometimes to use you as a cyber patsy by attempting to access restricted systems using your fingerprint. (RATs are good for this, if you do any hacking keep a RAT on your own machine and plead ignorance. Plausible deniability rocks) Other times it’s to use a tiny percent of your machine’s processing power, along with thousands of others around the world, linked into what is called a BotNet, to launch DDoS attacks on big systems.

This is how those useless fucktards at the FBI and the USJD got their lovely high security websites shut down just hours after their illegal raid on MU.

Whatever the reality, it’s not something the FBI will ever stop. They’re idiots.

And it certainly isn’t this bollocks, either!

0 votes

Mike

-gives you a chill pill- I think you might need this.

0 votes

Justin Pot

The “good” and “evil” thing was meant to be tongue-in-cheek. I shall endeavor to be more clear in the future.

You make some good comments here, but I think what I’m doing is fundamentally unrelated to them. I’m trying to explain the actual circumstances of an actual virus to people who might not be as computer savvy as you. Nothing more, nothing less.

0 votes

Doomus

This is, without doubt, the biggest lot of toss I have ever read in the entire history of the internet.

You ought to be ashamed of yourself.

0 votes

Mark O’Neill

No one is forcing you to read this article. And we would ask you to moderate your language if you want to leave a comment here. Otherwise we will moderate your language for you.

0 votes

Dan

Mark, Thank you for the quick professional response to Doomus! (Better known as Dum-mus) People like this are just a “WOS” and have no love of themselves.

0 votes

Justin Pot

This is, without a doubt, the most intelligent comment in the history of the Internet.

You ought to be proud of yourself.

0 votes

Security

OK listen up guys if you want to be safe and forget about Virus and Anti-virus. Stop using Microsoft Windows, it sucks your money.
Start using Linux operating system, software is free and no viruses there, also drives are automatically found.
You just need a working brain because it’s different than Windows and better.
Reply if you disagree with me.

0 votes

Justin Pot

I’m sure everyone who reads your comment will install Linux immediately. Good work.

0 votes

Security

Am I not saying the truth? You’re probably one of the Linux users as well, right :)

0 votes

SuperJdynamite

I heard Linux lacks spell checking.

0 votes

Brendon King

If you wish to have a reliable and free OS that can do just as much as Windows in the Linux world or more, then switch to Ubuntu. It’ll do whatever you want it to do and more for the cost of nothing.

To be a good guy I’ll post a hyperlink to the download:
http://www.ubuntu.com/download

0 votes

Security

If you don’t want Viruses and no problems, forget about Windows and migrate to Linux, it will be better for you. Stop spending money on Bill Gates, because in Linux software is free.

0 votes

Security

ignore it!

0 votes

Ashley

He’s double posted. So because he can’t figure out how to use his mouse and/or keyboard correctly, we should all take his advice immediately on the more intricate workings of computers. *eyeroll*

0 votes

Rajeev Joseph

Dear friends,
Happened to visit this site while searching about DNS Changer.

I am from Kerala, India and am a High School Teacher. In our state ,Kerala, the Government runs more than 13000 schools and around 6-7 million children get education in these schools. And for the last 8 years the state has been using Linux based Operating Systems to teach Information Technology from classes 5-10. Since 2009 it is Ubuntu and right now we use the 11.10 version.

We are happy with Linux OS and personally I had almost forgotten the word ‘virus’ for 2 years as I have removed Windows from my system.

0 votes

Chuck

Truth be told I’m more wary of visiting a government sanctioned website than being affected by a virus that’s only recently appeared (or at the very least publicized as much). If I get cut off, I’ll reformat my computer and router. There’s no telling what ulterior motives may (or may not) be.

0 votes

Justin Pot

I can assure you that visiting that site I linked to will do nothing other than tell you whether your DNS is legitimate. Besides: if the government wants to spy on you they already can. They don’t need to trick you into visiting a certain site for that.

Unless, of course, you’re wearing your tinfoil hat. Then you’re completely safe. :)

0 votes

SuperJdynamite

“There’s no telling what ulterior motives may (or may not) be.”

There was a time when it was curiosity. Now, like everything else, it’s money.

0 votes

7h3 d00d

This article wasn’t that interesting to me, but as always on issues like this the comments are interesting.
I see some of the people commenting ranting about this article being written in a way that makes the author seem like a retard, and yes this has been “dumbed down”.
But that is exactly what it has been. In order for most of the people affected by this, stuff like this isn’t something they’re used to dealing with, and they need it explained in a way that the more computer savvy people may find stupid. But that doesn’t mean that these people are stupid or the author is stupid. Actually it takes a person who knows what he is talking about (and some people skills) to explain this in a way that they might understand.

And then there was “security”, ranting about Linux. Yes Linux is awesome, and yes it isn’t as much a target for malicious software and exploits. But that doesn’t mean that it isn’t at all. Even though you run Linux you should still be aware and probably use some sort of Firewall and/or AV-software. And yes there are a lot of great things about Linux. But there are some good things about Windows too. Like the fact that you can actually share and use your files with colleagues at work who don’t run Linux. And most of them don’t. Yes it would be lovely if you could just stick with Linux. But you can’t. I HAVE to use Windows because otherwise I can’t do my work with people due to format incompatibility.

0 votes

Spirit

You should list Superantispyware and Avast too

Specifically Superantispyware

http://www.superantispyware.com/

Source – 16 years of Software IT (I own a computer company that fixes and builds PCs)

0 votes

Daniel

If you’re using Windows, try doing a scan with Malwarebytes http://www.malwarebytes.org, also check out http://www.opendns.com/ You can use their DNS servers for hostname to ip address resolution.

0 votes

Andrea

hi Justin,

from here I can say: for me, this warning doesn’t bother me…My machines are clean, checked and upgraded, so that this threat doesn’t hit me. I do have internet-access and I will have it tomorrow.

The one reason is, that two of my machines are Linux-machines, which can be hit so easily and the other Windows-machine is secured, so that this one also can be hit…. And this evening, I also checked the machines of my family and they are also clean, upgraded and secure..

So no reason to bother here…

Greetings from Germany
Andrea

0 votes

Justin Pot

Well done. Staying secure is important.

0 votes

gj

great, simple & 2 the point, as well as BRIEF, with all necessary info. THANKU