What’s the deal with DNSChanger Malware?
The FBI will be shutting down the temporary DNS servers that it set up to support Internet users whose systems were compromised by the DNSChanger malware. Anyone still using those DNS servers will be unable to resolve host names, which will effectively render them unable to do pretty much anything online until they clean up their infected system.
On November 8th, 2011, the FBI, in conjunction with NASA-OIG and Estonian police, arrested several criminals operating under the company name “Rove Digital”. Rove Digital had been distributing DNS-changing viruses (TDSS, Alureon, TidServ and TDL4). They then routed victims through their own DNS servers in order to direct traffic to junk ads. They infected around 4 million users, and made a reported $14 million before getting shut down.
With such a large number of compromised users relying on Rove Digital’s DNS servers for their Net access, the FBI decided to temporarily leave the DNS servers up and running to give people time to clean up their infected systems. Because people have been slow about cleaning up their computers, the FBI extended its original March deadline to Monday, July 9th.
If you would like to verify that your computer is clean, you can go to http://www.dcwg.org/detect/ for a list of safe sites that you can use to check. Should you find that you have a compromised computer, they have good resources available to help you clean up your system.
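A local check that complements the detection sites above, as an added example that is not part of the original post: it parses a Unix-style resolv.conf and reports any configured nameserver that falls inside a list of rogue DNS ranges. The ranges below are documentation placeholders (RFC 5737), not the real Rove Digital ranges, and the function names and sample file are constructed for illustration.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation space), NOT the real rogue
# DNS ranges: replace them with the ranges published for DNSChanger.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolver configuration (resolv.conf syntax).
SAMPLE_RESOLV_CONF = """\
# constructed example
search example.test
nameserver 192.0.2.53      # inside a placeholder rogue range
nameserver 203.0.113.10
nameserver not-an-ip
nameserver fe80::1%eth0
"""


def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop comments introduced by '#' or ';' before tokenizing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        host = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            valid.append(ipaddress.ip_address(host))
        except ValueError:
            malformed.append(fields[1])  # keep for review; do not ignore silently
    return valid, malformed


def find_rogue_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any rogue range."""
    valid, _ = parse_nameservers(text)
    return [str(a) for a in valid
            if any(a.version == n.version and a in n for n in rogue_ranges)]


if __name__ == "__main__":
    with_hits = find_rogue_resolvers(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", with_hits or "none")
```

To check a real system, pass the contents of `/etc/resolv.conf` to `find_rogue_resolvers` after replacing the placeholder ranges.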