DNSChanger Malware: How It Works And What To Do If You're Infected

  @ericbrownzzz on July 06 2012 5:17 PM

By now, you've probably heard about DNSChanger, a piece of malicious software that has found its way onto millions of computers worldwide. On Monday, any computer still infected with the software will be unable to connect to the Internet, leaving users in the dark forever. Or at least until they have to shell out hundreds of dollars for a new computer.

So what is this malicious software and how does it work? Don't worry, we've got you covered.

How DNSChanger Works

When you type an address into your web browser, your computer does some complicated work behind the scenes. Domain Name System (DNS) keeps takes those domain names and changes them into numeric Internet Protocol (IP) addresses. Your Web browser then uses the numeric address to connect to the website requested.

Think of it like a phone book. You know the name you want, and the DNS knows the correct number.

DNSChanger does exactly what the name sounds like. It changes a computer's DNS to instead connect to rogue DNS servers, sending users to fraudulent websites that made spammers millions of dollars.

The FBI was able to shut the ring down, but the damage still remains on many users' computers. To combat this, the intelligence organization set up a temporary safety net that redirects corrupted DNSs to the proper IP addresses. That safety net is set to go down on Monday, and anyone who remains infected will lose the ability to access the Internet.

How To Know If You're Infected

The first thing anyone needs to do is check to see if they have the virus. There are plenty of sites out there that will check computers to see if their DNS is working properly. The easiest is http://www.dns-ok.us/.

The site is painless and easy to use, and it doesn't require a download of any kind. If the result comes up green, your computer is free of infection. You can close out of this article and continue procrastinating at work.

If it comes up red, you'll need to keep reading below.

What To Do If You're Infected

If you have the malware installed on your PC, the first thing you'll need to do is make a backup your important data. If you don't have an external hard drive, you can easily find one at any store that carries computer accessories.

Once you have secured your data, you'll need to download a security program designed to discover and remove malware and viruses. Those running PCs may want to consider Windows Defender, while Mac users should check out MacScan. Both programs are free to download.

Finally, it's important to note that the malware may have affected your computer in other ways. Check bank statements and other financial information for any suspicious activity.

For more detailed instructions, visit the DNSChanger Working Group.

Join the Discussion