Is your computer  infected with the DNSChanger virus? You'll know for sure this Monday, if at 12:01 a.m. you're suddenly unable to connect to Web sites and it's not a broken router or carrier signal disruption to blame.
The FBI plans to discontinue a safety net of servers it set up to facilitate Web access for more than 277,000 computer users after it took down the hacker group that created the virus, which redirects infected computers away from their intended Web destinations.
When You Least Expect It...
Computers navigate the Internet through Domain Name System, or DNS, servers, which translate the words in URLs into a numeric address system.
"Criminals have learned that if they can control a user's DNS servers, they can control what sites the user connects to on the Internet," warns the FBI on its Web site. "By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent Web site or to interfere with that user's online Web browsing."
DNSChanger has been known to slow your surfing speed or give you pop-ups, including some warnings that you have been infected and trying to sell you phony anti-virus software . But otherwise it can be hard to detect on your own.
The good news is there's an easy way to check, courtesy of a Web site the FBI set up in cooperation with public and private security experts. That site is http://www.dns-ok.us/ -- operated by the DNSChanger Working Group -- and it has a tool to check your device as well as resources for working with your provider to get rid of it and stay connected.
The creation of DNSChanger is associated with the Zlob Trojan, which was first detected in 2005.
"According to some reports, the same Estonian crime ring that created Zlob developed variants including DNSChanger, which first appeared in 2007," said Charles King, principal analyst at Pund-IT.
What's in It for Hackers?
"DNSChanger adds fake DNS name servers to an infected PC 's registry, then attempts to hack into detected routers to change the DNS settings and -- in theory -- re-route additional traffic to Web sites owned by the group," King told us Thursday. "In addition, PCs infected with DNSChanger 'clicked' on pop-up ads without owners knowledge, thus driving significant ad revenues for the criminals."
He said that when the FBI broke up the Estonian ring last November, it estimated that the group had already collected more than $14 million in revenues. Fearing that victims would be knocked offline if it took down the Zlob servers, the FBI has been maintaining a site to support them. More than 570,000 computers were infected during DNSChanger's peak.
"Due to the cost of maintaining the site, the FBI is shutting it down on Monday, July 9th, which will effectively cut off Internet service for any PC that's still infected," King said.
charles:
Posted: 2012-07-08 @ 8:32pm PT
My server cannot connect with this address. Is this a scam or is this a real threat? If so, how can we get some help?
Ramon:
Posted: 2012-07-08 @ 5:22pm PT
@Jackie: If the PCs at your school have a virus, the virus should be removed using virus detection software. There's an easy fix.
jackie:
Posted: 2012-07-08 @ 5:12pm PT
How come the FBI is pulling the plug when we pay them good money? This is wrong. We won't have no pc for my school.
betty j thomas:
Posted: 2012-07-06 @ 4:47pm PT
I don't know what to think. The comments give many alternatives to the various sites.
Ed.:
Posted: 2012-07-06 @ 4:17pm PT
@Namorado_TX: The info we're seeing indicates DNSChanger affects Windows and Mac OS, not Linux, and not mobile platforms. In addition to the link in the article above, check out -- www.dcwg.org -- the DNS Changer Working Group for more detailed info.
Namorado_TX:
Posted: 2012-07-06 @ 3:11pm PT
Neither this article nor the commercial media has made any mention of platforms this affects or doesn't. Obviously it affects Windows, but what about Mac OS X, Linux, and the various mobile apps? No discussion! Are they immune?
Louise Carpenter:
Posted: 2012-07-06 @ 9:54am PT
I tried the FBI dns site a few weeks ago -- and again just now at 12:50 7/7.... got the same message "Internet Explorer cannot display this page". Any other ways to check for DNSChanger????? Many thanks.
Editor:
Posted: 2012-07-06 @ 9:25am PT
The DNSChanger checking page is frequently overwhelmed. If you can't get it to load, check this page:
http://www.dcwg.org/detect/
There's info on how to manually check your PC, as well as links to help pages for various Internet providers, some of which have tools of their own or at least link to other tools.
Sylvia:
Posted: 2012-07-06 @ 8:09am PT
I am being told that the Internet Explorer cannot display the page, when I try the www.dns.ok.us site.
Ed.:
Posted: 2012-07-05 @ 8:38pm PT
@Brent and @TJB:
Yes, the correct site to check is:
www.dns.ok.us
The other site originally mentioned -- DCWG.org -- is an academic site that contains a link to this and other checking sites.
Brent:
Posted: 2012-07-05 @ 6:36pm PT
I'm not sure what dcwg.org is, but the official FBI site for checking your DNS routing is dns-ok.us.
tjb:
Posted: 2012-07-05 @ 4:23pm PT
When I try to have it check my computer at that http://www.dcwg.org it always comes up with problems loading. What's with it?
|
