Sunday, 22 April 2012 09:40

400,000+ Still Infected with the Four Year Old DNSChanger Malware; Could Lose Internet on July 8th

Written by Sean Kalinich

There is a lot of talk in the news about a very old piece of malware. This malicious code was called DNSChanger and was part of a criminal enterprise that intended to route people’s traffic through their own servers instead of the intended servers. This opened the victims up to countless other potential infections. The malware was discovered back in 2004 and had a small amount of fame for its time. The impact of this particular infection was rated in the millions of Windows-based PCs. Although the malware was identified and six people were arrested for it, the authorities did not know what to do about the infected systems (which is VERY odd).

Instead of working with one security company (or many) to develop a fix for the malware, the FBI seized the DNS servers used by the group and maintained them. This meant that even if you were infected, your internet traffic could still be routed to the proper destination. This was most likely done through the use of DNS forwarders (which is an amazingly simple fix). Now the FBI is looking to save some money, so they are preparing to shut these servers off.


This move will leave a considerable number of people without valid DNS entries, which means they will not be able to get to the websites they are looking for. As we have covered in the past, DNS (Domain Name Service) is a method to turn the friendly names typed into a web browser into IP addresses that identify computers on the internet (or even inside a local area network or LAN). This is the system that Anonymous was reportedly going to attack (it was an April Fool’s joke), which, if they had done so, would have disrupted web traffic considerably (unless you knew the IP address already).

There are many ways to find out if you are infected with this bit of malware and also to fix it. Free applications like Malwarebytes, SpyBot Search & Destroy, and others can pick up on these infections. You can also head to dcwg.org and find out at once. From there they have even listed steps to reset your DNS entries.

Of course there is a nagging little thing here that we cannot help thinking about. Although the FBI was helping a large base of infected systems, we also have to wonder about the fact that a large group of people’s internet traffic was passing through government-controlled servers. This strikes us as very unusual and perhaps a little sneaky. As DNS servers can be set up to log all requests (the site originally requested, etc.), it seems like a great way to track a large group of people on the internet. Of course the likelihood that any of those people were of any importance is very small, but this was an opportunity, and we know that the FBI never misses one of those.

No matter the real reasons for the FBI maintaining the DNS servers, they are pulling the plug on them on July 8th. It might be worth it to head over to DCWG.org just to be safe and check things out. Of course you should always have good anti-virus software on hand, and even with that we would recommend performing periodic checks to make sure your traffic is not being re-routed through the use of proxies, a compromised hosts file or some other means of redirection.
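The two checks mentioned above (are your configured DNS servers ones you recognise, and has your hosts file been tampered with) can be scripted. The following is an added example written for this article, not code from DCWG.org or from any of the tools named here. The rogue address ranges, the watched domain names and the sample resolv.conf and hosts contents are all constructed placeholders; a real check would substitute the rogue-resolver ranges published by the clean-up effort.

```python
import ipaddress
import os

# Placeholder address blocks standing in for the rogue-resolver ranges a
# clean-up site would publish (these are documentation-only TEST-NET ranges).
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Placeholder public domains that should only ever resolve through DNS;
# any hosts-file entry for them is a sign of tampering.
WATCHED_DOMAINS = {"www.example.com", "update.example.net"}


def parse_resolvers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                          # ignore malformed lines
    return servers


def rogue_resolvers(servers):
    """Return the resolvers that fall inside a known-rogue range, as strings."""
    return [str(s) for s in servers if any(s in net for net in ROGUE_DNS_RANGES)]


def parse_hosts(hosts_text):
    """Return (hostname, address) pairs from hosts-file text."""
    mappings = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            mappings.append((name.lower(), addr))
    return mappings


def suspicious_hosts_entries(mappings):
    """Flag hosts-file entries that override a watched public domain.

    Both a redirect to a foreign address and a block via 0.0.0.0/loopback
    are reported, since either hijacks name resolution for that domain.
    """
    return [(name, str(addr)) for name, addr in mappings if name in WATCHED_DOMAINS]


def audit(resolv_conf_text, hosts_text):
    """Run both checks and return the findings as a dict."""
    return {
        "rogue_resolvers": rogue_resolvers(parse_resolvers(resolv_conf_text)),
        "hosts_overrides": suspicious_hosts_entries(parse_hosts(hosts_text)),
    }


# Constructed sample inputs: one resolver is inside a placeholder rogue range,
# and two watched domains have been pinned in the hosts file.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 192.0.2.1       # local router, not in any rogue range
nameserver 203.0.113.45    # inside a placeholder rogue range
"""

SAMPLE_HOSTS = """# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
198.51.100.7 www.example.com
0.0.0.0     update.example.net
"""


if __name__ == "__main__":
    # Use the real files where they exist (Unix paths), else the samples.
    resolv = SAMPLE_RESOLV_CONF
    hosts = SAMPLE_HOSTS
    if os.path.exists("/etc/resolv.conf"):
        with open("/etc/resolv.conf") as f:
            resolv = f.read()
    if os.path.exists("/etc/hosts"):
        with open("/etc/hosts") as f:
            hosts = f.read()
    for key, value in audit(resolv, hosts).items():
        print(f"{key}: {value if value else 'none found'}")
```

On Windows the hosts file lives under the system directory rather than /etc, and the configured resolvers come from the adapter settings rather than resolv.conf, so feed those contents to `audit()` instead; the parsing and the range check are the same. Against the constructed samples the script reports `203.0.113.45` as a rogue resolver and both watched domains as hosts-file overrides.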


Last modified on Sunday, 22 April 2012 09:57