Mili Note: If you are using a non-Windows system (Linux or Mac), the instructions given at the bottom of this will do you no good. You are much less likely to be infected, but if you know how to access your default DNS settings to view which servers you access (likely the defaults for your ISP or Google’s OpenDNS), you can check them against the DNS Changer virus list. Be sure to also check your home router, if any, as it may also have default DNS settings. Ask a trusted and knowledgeable friend if you need help doing this stuff. Looking up your computer’s default DNS settings is not going to hurt anything, but attempting to change them may.
The change could potentially leave a great number of Internet users without access to the Web.
…the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.
The malware, called DNSChanger Trojan, is said to illegally redirect traffic and prevent users from accessing the updates necessary to remove it. Without access to these critical patches, these large companies, government agencies, and home users are said to be more susceptible to hackers.
This fact does raise the question of why so many Fortune 500 companies and government agencies have failed to notice they have a problem, as they presumably have IT security professionals on staff who should be monitoring such incidents.
Those computers still infected with the Trojan will not be able to access the Internet after the FBI shuts down their temporary servers.
The feds received a court order in November, 2011 to replace the “rogue” servers with surrogate servers to operate “just long enough for companies and home users to remove DNSChanger malware from their machines.”
Rod Rasmussen, president of Internet security company Internet ID, told Krebs on Security that there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
A working group advising the FBI is said to be considering requesting an extension of the court order to give more time to users of infected machines to remove the malware.
Although this may indeed be a very real problem that Internet users must be vigilant to protect themselves from, depending on the government to provide servers when their own agencies are infected doesn’t seem like a trustworthy solution. Additionally, a previous private-government working group put together in 2009 to combat the Conficker Worm has accomplished very little as 3 million computers are still said to be infected.
These viruses are called Trojans because they are disguised as something friendly, enter computers, and then install malicious software. Someone with a healthy distrust of the government may see the FBI’s warning that millions will be cut off from the Internet as a Trojan Horse itself so that they may retain control over the new servers.
After all, if the FBI is controlling the “legitimate” servers, wouldn’t they have access to all the traffic information of individual users and large corporations?