Trojan Virus Named DNSchanger
A Trojan virus named DNSchanger, first discovered in 2007, is controlling 350,000 computer’s DNS. What is DNS and why does it matter to me? DNS (Domain Name System) translates those easy to remember URL’s (apple.com) in to a numeric addressing system also known as IP addressing (apple.com = 17.172.224.47). Every computer on the internet has an ip address and a DNS server it looks to, like a map, for directions to websites. Without DNS the web would not be what it is today. DNSchanger takes advantage of the address translation. So when you go to a popular Website such as Amazon.com or Apple.com, instead of seeing the website you’re expecting, you will get a fake site or a malicious advertising site. DNSchanger also blocks antivirus updates so it can remain on your system undetected.
Since 2007 DNSchanger Has Infected Millions of Computers
Around 500,000 computers in the U.S. have been infected. Through the infected computers, the criminals have reportedly pulled in around $14 million in stolen funds. This success spurred the criminals to branch out from targeting Windows PCs to other platforms that include the Mac OS and also networking hardware such as routers, so entire networks could be scammed. Reference – Cnet.com
Why This Matters to You
Back in November 2011, in Operation Ghost Click, the FBI shut down the botnet behind DNSChanger. In the meantime every major anti-virus company has updated their programs to find and remove DNSChanger. The FBI setup a safety net to filter any reaming DNSchanger infections. The safety net is a DNS server setup by the FBI in place of the rouge DNS server the FBI took offline. Again why is this a problem?? Because now, the FBI wants to take that safety net DNS server offline this past November. Here is where you’re affected… Once the FBI takes the safety net DNS server offline on July 9, if your PC is infected with DNSchanger trojan you will lose your internet connectivity on July 9. What do I do now? Read on…
If your lucky enough to be a managed client of Intec Solutions, meaning you have an active support contract we have already checked and repaired your Server and firewall DNS. We are asking users to test their individual computers. If you find that your PC is infected there are instructions on how to remove DNSchanger below.
TEST Your PC
Click on one or both of the links below. The test is instant, so please do not delay.
Removal
- Microsoft Safety Scanner – http://www.microsoft.com/security/scanner/en-us/default.aspx
- Kaspersky Labs TDSSKiller – http://support.kaspersky.com/faq/?qid=208283363
- Additional removal information – http://www.dcwg.org/fix/
Reference
- Internet doomsday DNSchanger defined http://www.f-secure.com/v-descs/dnschang.shtml