DNSChanger Malware, Is The Threat Finally Over?

Posted on Jul 11, 2012 in Featured, International, Technology

DNSChanger malware has lately been the hottest issue discussed in the media and on technology forums all over the world. As usual, the mainstream media has misinformed users worldwide by placing the emphasis on perhaps the least important aspects of this bug. The whole thing started in late 2011 with headlines like “There is a very dangerous virus affecting DNS on computers” and reports like “Internet security agencies have warned of the dangers of a DNSChanger virus which is difficult to eradicate”. Most people thought this was the same kind of malware that hit computers back in 2008, and some weren’t even bothered. The good news is that the day it was supposed to take effect this year has passed rather peacefully, and there aren’t many reports of serious loss.

The FBI had earlier announced that on July 9 it would disable a network of DNS servers that had been temporarily established to halt the spread of the DNSChanger malware. Decommissioning this temporary network of servers could prevent thousands of computer users who are still infected with DNSChanger from accessing services on the Internet. The FBI, according to the Associated Press, estimates that over 277,000 computers and routers still contain the malicious virus.

The malware, which was spread by a criminal network from the Republic of Estonia, infected about four million computers and routers connected to the Internet in more than one hundred countries between 2007 and 2011. Computer systems belonging to individuals, businesses and government entities have been infected with this curse.

The FBI announced in November 2011 that it was going to nab the culprits responsible for the spread of this malware, who operated under the guise of a company called Digital Rove. As a result, six Estonians were arrested. A court order allowed the Internet Systems Consortium, an organization that publishes critical Internet infrastructure software, to run a network of healthy DNS servers until 8 March 2012 so that infected computers could be cleaned and have their original DNS server settings restored. However, shortly after the original due date, the shutdown of this network of DNS servers was temporarily postponed until July 9, 2012.

According to an update made on 11 June by the International DNS Change Working Group, which monitors the network of DNS servers, 8924 unique IP addresses in Canada were associated with computers and routers still infested by the same malware. The Canadian Internet Registration Authority and the Canadian Cyber Incident Response Center of the Ministry of Public Security, Government of Canada, established a website that verifies, through analysis of a DNS query, whether a computer or router is infected by DNSChanger. If it is, the site provides a procedure for removing the malware and restoring the settings for access to DNS servers. The user must confirm the IP address of an appropriate DNS server with their Internet service provider.

The scope of DNSChanger

According to the FBI, DNSChanger modified the DNS server settings on computers and routers so that requests went to domain name servers of its own choosing (domain name servers are the servers that convert URLs into numeric addresses). These servers direct users to malicious websites whose operators effectively steal the money users pay for products or services bought over the Internet.

Also, the scheme is said to have earned the criminals at least 14 million dollars in payments related to the display of legitimate Internet advertising. These payments are made to advertisers by website owners when their ads are displayed or when users click on their ads. Moreover, the malware deactivates the mechanisms for updating antivirus software and operating systems on infected computers.
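Because the malware works by altering DNS server settings, one defensive check is to compare a machine's configured resolvers against published rogue ranges. The following is an added example, not code from the FBI or any tool named in this article; it assumes a Unix-style resolv.conf, and the ranges and sample file are constructed placeholders from documentation address space that must be replaced with the ranges published by your CERT or ISP.

```python
import ipaddress

# Constructed placeholders from documentation address space (RFC 5737/3849).
# Substitute the rogue resolver ranges published by your CERT or ISP.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]
# A LAN resolver usually means the router answers DNS, so the router's own
# DNS settings need checking too (the malware altered routers as well).
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "fc00::/7", "fe80::/10")]

def _in_any(ip, networks):
    return any(net.version == ip.version and ip in net for net in networks)

def parse_nameservers(text):
    """Split resolv.conf-style text into parsed addresses and bad entries."""
    servers, malformed = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            malformed.append(fields[1])
    return servers, malformed

def audit(text, rogue=ROGUE_RANGES):
    """Return (address, verdict) pairs for every configured resolver."""
    servers, malformed = parse_nameservers(text)
    report = []
    for ip in servers:
        verdict = ("rogue" if _in_any(ip, rogue)
                   else "check-router" if _in_any(ip, LAN_RANGES)
                   else "unlisted")
        report.append((str(ip), verdict))
    return report + [(entry, "malformed") for entry in malformed]

SAMPLE = """\
# constructed sample, not taken from a real host
nameserver 192.0.2.53      # falls in a placeholder rogue range
nameserver 192.168.1.1
nameserver 203.0.113.10
nameserver 2001:db8:bad::53
nameserver not-an-ip
"""
```

Calling `audit(SAMPLE)` returns one verdict per resolver; "unlisted" only means the address is outside the supplied ranges, not that the resolver is trustworthy.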

What is DNS?

The domain name system, or DNS, translates domain names into the Internet Protocol (IP) addresses that a computer uses to communicate with a server. When users enter a URL in their Web browsers, their computers contact DNS servers. If computers have the wrong configuration for these servers, they cannot access websites, send email or use Internet services.

A little help!

Leading computer security company McAfee has just launched some free tools that help consumers identify the risks of DNS-related malware so they can modify their DNS settings.

McAfee has also just released a free tool to help consumers who may be infected by the DNSChanger virus stay connected after the servers are closed by the FBI on July 9. The tool, which is available on www.mcafee.com, helps users easily identify whether the malware has affected their systems and offers a free solution to deal with it.



One Response to “DNSChanger Malware, Is The Threat Finally Over?”

  1. Jockey says:

    The FBI had earlier announced that it will disable a network of DNS servers on July 9 that had been temporarily established to halt the spread of the DNSChanger malware.
