
FBI: Check For DNS Changer or Lose Internet Access

The FBI is now calling on web surfers to check their PC or Mac for the DNS Changer trojan before July 9, or else lose access to the Internet. These users might not actually be aware the malware is even installed, as the FBI seized the DNS Changer servers last year but left them up and running so that Internet access isn't disrupted for hundreds of thousands of Web surfers.

According to the FBI, around 450,000 PCs and Macs are still infected with DNS Changer. Discovered back in 2007, it alters the victim's DNS settings and points them to malicious DNS servers in data centers in Estonia, New York, and Chicago.

"The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products," says the DNS Changer Working Group (DCWG). "Because every web search starts with DNS, the malware showed users an altered version of the Internet."

The FBI, working in conjunction with the Estonian police, eventually crashed the scene at Rove Digital and seized their botnet servers. Under a court order, which expires on July 9, the Internet Systems Consortium is operating replacement DNS servers for the botnet. This is to allow time to identify infected hosts and to prevent Internet disruption.

But now the FBI is gearing up to shut those servers down, as they're costing the taxpayer loads of money to maintain. Because DNS Changer alters the DNS settings of the OS to redirect traffic to the malicious servers, infected Web surfers will be unable to access the Internet after the shutoff date. For many, the fix is a simple change in Network Connections (in Windows 7) to alter the settings. But the general Internet user will likely suffer an Internet blackout unless they remove the malware.

The DCWG is the party that has maintained the DNS Changer servers since they were captured by the FBI. The group has created a website that allows Internet users to scan and clean their PC or Mac of the DNS Changer trojan (also known as TDSS, Alureon, TidServ and TDL4). The site also includes instructions on how to check the DNS settings in Windows XP, Windows 7 and Mac OS X, and manually change those settings.

For those with an infected PC or Mac, Forbes has conjured up a list of removal tools, as seen below:

Avira

Hitman Pro (32bit and 64bit versions)

Kaspersky Labs TDSSKiller

MacScan

McAfee Stinger

Microsoft Windows Defender Offline

Microsoft Safety Scanner

Norton Power Eraser

Trend Micro Housecall