Viruses and Trojans have been infecting computers almost as long as computers have been in businesses. Some are relatively harmless, while others bring entire networks down. One Trojan, DNSChanger, was malicious enough to force the FBI to step in. Users infected with DNSChanger could find that their Internet won’t work after July 9.

While the source of DNSChanger has been removed, essentially killing it. There are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger?
DNSChanger is a Trojan that hijacks a user’s Internet at the most basic level – the DNS. When an infected user enters a web address, DNSChanger returns a similar looking page, but with ads that are owned by hackers. This allowed the hackers to manipulate online advertising to make money – around USD 14 million – by the time they were shut down.

Aside from that, DNSChanger also prevented users from visiting security websites, like mcafee.com, and from downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS?
A DNS – Domain Name System – is a crucial service that converts domain names like www.google.com into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do?
Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time any user still connecting to the DNS servers, or who is still infected regardless of their location, could be affected.

What should I do?
If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean, and that your security is up to date.

Update

Google plans to send alerts to users that are infected by DNSChanger. When a user accesses one of Google’s functions, like search, Google will show a message informing the users they may be infected and offer tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us, we are ready to help.