A DNS changer malware is set to knock off hundreds of thousands of computers offline. The good news is that there free tools to resolve this problem.
[caption id="attachment_11228" align="alignleft" width="90"]
Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.[/caption]You’ve probably read in the paper or saw on the news that hundreds of thousands of computers might lose Internet access after July 9. I’ve had several clients ask, “Is this true? How serious is it?”The short answer is, you’re probably fine. If you use Tech Experts for your anti-spyware, anti-virus, and anti-malware services, we have you covered.Don’t get me wrong, this is a serious threat. If you happen to be one of the people with an infected computer, then yes - there’s a good chance you could wake up on July 9 to no Internet.
In a word, malware.Last year, malware infected over half a million computers worldwide. This nasty virus modified the process your computer uses to translate domain names - like “MyTechExperts.com” - into IP addresses - like 22.214.171.124. It’s the IP address that locates the actual physical server that houses the website.To perform that translation, computers are programmed with translators - DNS servers - that answer questions like, “What’s the IP address for www.google.com?” DNS servers are automatically provided by your Internet provider when you connect to the Internet.When this “DNS Changer” malware infected a computer, it altered the translation server that the computer would use. Rather than a legitimate DNS server, PCs were silently reconfigured to use a bogus one.The problem is, this new bogus server sometimes lies.
Rather than answering the question, “What’s the IP address for google.com?” with the correct answer, the fake DNS server would return a different IP address: the address of a malicious server that was configured to look like Google, but that is really a server run by identity theives.As long as the malicious server looked enough like Google, the computer user wouldn’t know until it was too late that something was wrong. They’d be tricked into thinking it was Google.The bogus site (which could be any site the hackers chose, not just Google) could itself install more malware, display additional advertising, or do just about anything that a malicious website could do. All without warning.
In November, the hackers were caught. But hundreds of thousands of infected machines were left with their DNS settings pointing to the fake DNS servers.So, rather than removing the fake DNS servers from the Internet, the agencies that caught the hackers changed them to be legitimate ones. The government is spending about $10,000 per month to maintain these servers.While this meant that people with infected PCs would be able to surf the net more safely, it didn’t change the fact that their computers were, fundamentally, still infected.On July 9th, the government is shutting down the temporary DNS servers. Anyone whose computer is still infected, and is using those servers to get DNS answers, won’t get an answer at all.Without a working translator - DNS server - your computer can’t answer the “What’s the IP address of xyz.com” for any site on the Internet. For those people with infected computers, the Internet will simply stop working.Let me be clear: the Internet will stop working only if your machine is infected. It’s easy to find out if you’re infected. Visit the DNS Changer Working Group at http://www.dcwg.org/ and click the green button labeled “Detect.”This will examine whether or not your computer is affected by the DNS Changer malware. If you’re not, you’re done. July 9 will be a non-event for you.
If DCWG indicates that you’re affected, the page should also include information on what to do to clean the infection from your system.The good news is that there are many free tools that are listed as resolving the issue - free tools from most of the major anti-malware utility vendors.Specifically, Windows Defender Offline (formerly Microsoft Standalone System Sweeper) is listed, and it would probably be the tool I’d reach for first.After cleaning DNS Changer off of your machine, I would also seriously review the anti-malware tools that you’re currently using. Put simply, it should have been caught by now.