Sunday, April 22, 2012

Computers Infected With DNSChanger Trojan To Lose Internet July 9!

If your computer has been infected with the DNSChanger Trojan, you better fix it now or forget surfing the web because you won't be able to access the Internet after July 9. The original deadline was March, but a Federal judge determined that wasn't enough time.  Problem is: most people have no clue any of this is going down, let alone that their computers have been infected.

For those who might not know

Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the "Operation Ghost Click" raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.

The DNSChanger malware replaced the Domain Name System settings for the computers and routers it infected with addresses of malicious servers. When users tried to access certain websites, the rogue DNS servers redirected the Web traffic through other servers controlled by the criminals. Those criminals pocketed millions of dollars in affiliate and referral fees by diverting users through those sites, according to the FBI.

Users who found themselves landing on strange sites unexpectedly, or whose home computers had difficulty connecting to their work VPNs, were likely to be infected.

Rather than allow hundreds of thousands of infected users to lose Internet access, the FBI created an alternate system:

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone an opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

Apparently, the hacker scumbags infected over 570,000 computers around the world, thanks to some Microsoft Windows vulnerabilities (important to keep those up-to-date, folks). There are now estimated to be about 360,000 computers still infected, 85,000 of those in the U.S. England, Germany, Italy and India each have over 20,000, with smaller numbers in other countries including Canada, China, France, Mexico and Spain. Most are probably home users.

The FBI recommends DCWG to check whether your computer has been compromised.
If you click here and the symbol is red, your computer is infected. If green, you are fine.
The clean-up, however, isn't so easy, and it's recommended that you get a computer whiz to help.

Thankfully, mine is fine.
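Because the Trojan works by replacing a machine's DNS settings, the same check can be done locally by comparing the configured DNS servers against the list of rogue ranges. The sketch below is an added example, not code from this post, the FBI or DCWG; the function names and sample inputs are constructed, `ROGUE_RANGES` holds placeholder documentation networks rather than the real rogue ranges, and the Windows parser assumes English `ipconfig /all` output.

```python
import ipaddress
import re
# PLACEHOLDER ranges (RFC 5737 documentation networks); replace with the real rogue ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text (Mac/Linux)."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def resolvers_from_ipconfig(text):
    """IPv4 DNS servers from English `ipconfig /all` output (Windows)."""
    found, in_dns = [], False
    for line in text.splitlines():
        # A "label . . . :" or blank line starts a new field; other lines continue the list.
        if ". :" in line or not line.strip():
            in_dns = "DNS Servers" in line
        if in_dns:
            found.extend(IPV4.findall(line))
    return found

def flag_rogue(resolvers, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside a listed range."""
    hits = []
    for r in resolvers:
        try:
            addr = ipaddress.ip_address(r)
        except ValueError:
            continue  # malformed entry such as 999.1.1.1
        if any(addr in net for net in ranges):
            hits.append(r)
    return hits

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV = "# constructed\nnameserver 192.0.2.53\nnameserver 203.0.113.7\n"
SAMPLE_IPCONFIG = """
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print(flag_rogue(resolvers_from_resolv_conf(SAMPLE_RESOLV) + resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

Since the malware also changed router settings, a computer whose only DNS server is the router's own address (192.168.1.1 in the sample) is not cleared by this check until the router's DNS configuration has been compared against the same list.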


ICS, Inc. said...

I had absolutely no idea that this was going on. Doesn't seem like the FBI is doing much to try and put the word out there, I mean 85k computers in the US and England is a big deal.

Anyway, thanks for putting this out there, I got checked and luckily I'm good.

Incognito said...

Not sure why this information isn't out there. I only saw this on a tech site that I subscribe to. One would think.
Oh well.