
FBI: Check For DNS Changer or Lose Internet Access

The FBI is now calling on web surfers to check their PC or Mac for the DNS Changer trojan before July 9, or else lose access to the Internet. These users might not actually be aware the malware is even installed, as the FBI seized the DNS Changer servers last year but left them up and running so that Internet access isn't disrupted for hundreds of thousands of Web surfers.

According to the FBI, around 450,000 PCs and Macs are still infected with DNS Changer. Discovered back in 2007, it alters the victim's DNS settings and points them to malicious DNS servers in data centers in Estonia, New York, and Chicago.

"The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products," says the DNS Changer Working Group (DCWG). "Because every web search starts with DNS, the malware showed users an altered version of the Internet."

The FBI, working in conjunction with the Estonian police, eventually crashed the scene at Rove Digital and seized their botnet servers. Under a court order, which expires on July 9, the Internet Systems Consortium is operating replacement DNS servers for the botnet. This is to allow time to identify infected hosts and to prevent Internet disruption.

But now the FBI is gearing up to shut those servers down, as they're costing the taxpayer loads of money to maintain. Because DNS Changer alters the DNS settings of the OS to redirect traffic to the malicious servers, infected Web surfers will be unable to access the Internet after the shutoff date. For many, the fix is a simple change in Network Connections (in Windows 7) to alter the settings. But the general Internet user will likely suffer an Internet blackout unless they remove the malware.

The DCWG is the party that has maintained the DNS Changer servers since they were captured by the FBI. The group has created a website that allows Internet users to scan and clean their PC or Mac of the DNS Changer trojan (also known as TDSS, Alureon, TidServ and TDL4). The site also includes instructions on how to check the DNS settings in Windows XP, Windows 7 and Mac OS X, and manually change those settings.
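The DNS-settings check described above, as an added example (not code from the article, the FBI or the DCWG): it pulls the configured resolver addresses out of `/etc/resolv.conf` text or Windows `ipconfig /all` output and flags any that fall inside a list of rogue ranges. The ranges and both sample inputs are constructed placeholders taken from documentation address space, since the article does not list the real rogue ranges.

```python
import ipaddress
import re

# ASSUMPTION: placeholder ranges (RFC 5737 documentation space), constructed for
# this example. Substitute the rogue DNS ranges published by the FBI/DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_resolvers(text):
    """Return IPv4 resolvers found in resolv.conf text or `ipconfig /all` output."""
    resolvers, in_dns_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("nameserver"):        # resolv.conf entry
            candidates = IPV4.findall(line)
        elif line.lower().startswith("dns servers"):     # ipconfig: first server
            in_dns_block = True
            candidates = IPV4.findall(line)
        elif in_dns_block and IPV4.fullmatch(line):       # ipconfig: continuation line
            candidates = [line]
        else:                                             # any other line ends the block
            in_dns_block = False
            candidates = []
        for c in candidates:
            try:
                resolvers.append(ipaddress.ip_address(c))
            except ValueError:                            # e.g. 999.1.1.1
                pass
    return resolvers

def rogue_resolvers(text):
    """Return the configured resolvers that fall inside a rogue range."""
    return [str(ip) for ip in extract_resolvers(text)
            if any(ip in net for net in ROGUE_RANGES)]

# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV = "# constructed sample\nnameserver 198.51.100.7\nnameserver 203.0.113.10\n"
SAMPLE_IPCONFIG = (
    "   DNS Servers . . . . . . . . . . . : 192.0.2.53\n"
    "                                       203.0.113.10\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_resolvers(sample)
        print(name, "->", hits if hits else "no rogue resolvers configured")
```

A clean result only means the operating system's DNS settings do not point at a listed range; it does not replace running one of the removal tools.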

For those with an infected PC or Mac, Forbes has conjured up a list of removal tools, as seen below:

Avira

Hitman Pro (32bit and 64bit versions)

Kaspersky Labs TDSSKiller

MacScan

McAfee Stinger

Microsoft Windows Defender Offline

Microsoft Safety Scanner

Norton Power Eraser

Trend Micro Housecall

  • amk-aka-Phantom
    The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products

    Oh, THAT is why I ended up on Apple's website recently!!! Gotta check for DNS changer now!
  • Murissokah
    Tom's readers should prepare to fix their friends' computers... for a reasonable price.
  • stingstang
    This sounds like a ploy to me...
  • MKBL
    Avira couldn't remove tdss infection in my PC. I had to use TDSS Killer and Combofix to completely clean up.
  • djscribbles
    Ok, is it just me or did the government waste a ton of money here?

    All they needed to do was host a website with good instructions on how to fix your DNS, then make all DNS requests coming into these fake servers point to that website; rather than keeping a fake DNS server on life support for a year and delaying the inevitable blackout for people that don't know any better.
  • shafe88
    The FBI is now calling on web surfers to check their PC or Mac for the DNS Changer trojan before July 9, or else lose access to the Internet.
    What happened to Macs, I thought they were worry free when it came to this type of stuff, and what about Linux, Oh wait no need, there is none (very few) of this type of stuff in Linux land, cause people have too much respect for Tux.
  • drwho1
    first time that I heard of this.
    so... how do I know if my computer (or any other computer that I might "know") is infected?
  • syrious1
    sounds like something the MPAA and FBI cooked up together
  • drwho1
    When I hover my mouse over the links provided in this "article" it reads:
    "housecall.trendmicro.com"

    something smells fishy.
  • MKBL
    MKBL: Avira couldn't remove tdss infection in my PC. I had to use TDSS Killer and Combofix to completely clean up.

    Forgot to mention that Avira detected the TDSS infection. It just couldn't remove what it found. Weird.