HKCert
Security Blog

Count Down to D-day (Jul-9) for DNSChanger Victims

Release Date: 27 / 06 / 2012
Last Update: 07 / 07 / 2012

Do you remember the DNSChanger malware? DNSChanger infected 4 million computers around the world. The criminals behind it altered the domain name server (DNS) settings of infected computers and broadband routers so that they pointed to DNS servers the attackers owned, which silently redirected victims to malicious websites of the attackers' choosing. HKCERT reported on this botnet malware in a security blog post in early March this year; see that post for more details:


https://www.hkcert.org/my_url/en/blog/12022901

Image courtesy: DCWG


The D-Day is July 9


Although the FBI took down the botnet behind DNSChanger in November 2011, victims' computers and broadband routers are still configured to use the DNS servers that the criminals controlled. To keep victims from losing their Internet connection after the takedown, the U.S. District Court appointed ISC to take over the criminals' DNS server addresses temporarily. The ISC temporary servers will be shut down on July 9, 2012. The DNS Changer Working Group (DCWG) still finds 0.3 million infected computers and broadband routers around the world. You must act now to check whether you are affected!


If your computer or broadband router is infected with the DNSChanger malware, it may have the following impacts:

  1. The victim's computer may be sent to malicious websites, including phishing websites and websites hosting other malware. These websites may steal data from the computer or even take control of it.
  2. From July 9, 2012, the victim's computer or broadband router will no longer be able to resolve domain names, and therefore will not be able to access the Internet.

To find out whether your computer or broadband router is infected with the DNSChanger malware, follow the three steps below to check, clean up and restore:


3 steps to remove DNSChanger malware

  1. Check
    Please use a web browser (e.g. Chrome, Firefox, Internet Explorer) to visit the testing website below:
    http://www.dns-ok.us/

    If your computer cannot reach the website above, please follow the instructions on the website below to check manually:
    http://www.dcwg.org/detect/

  2. Clean up
    Please use the free online malware scanners or the malware scanners listed on the HKCERT website to clean up your computer.
  3. Restore
    Please use the utility below or the manual restore method to reset the domain name server settings.
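The manual check that step 1 refers to comes down to one comparison: the DNS server addresses your computer (or, for a router infection, your router's WAN side) is configured with, against the address ranges DCWG publishes for the rogue servers. The script below is an added example and is not part of the HKCERT post or a DCWG tool. It extracts the configured DNS servers from captured `ipconfig /all` (Windows) or `/etc/resolv.conf` (Unix) text and flags any that fall inside a list of ranges. The `ROGUE_RANGES` entries are placeholders taken from the TEST-NET documentation blocks, not the real DNSChanger ranges, and the two sample outputs are constructed; substitute the ranges published at http://www.dcwg.org/detect/ before using it on real output.

```python
"""Check configured DNS servers against a list of rogue address ranges.

Added example, not HKCERT's or DCWG's code. ROGUE_RANGES below are
placeholder documentation (TEST-NET) blocks; replace them with the ranges
published by DCWG. Sample inputs are constructed for the demonstration.
"""
import ipaddress
import re

# Placeholder ranges (RFC 5737 TEST-NET blocks), NOT the real DNSChanger ranges.
ROGUE_RANGES = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")
]

# Constructed sample of `ipconfig /all` output from a Windows machine.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.45
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample of a Unix /etc/resolv.conf.
SAMPLE_RESOLV = """
# constructed sample
nameserver 192.168.0.1
nameserver 198.51.100.9
search example.test
"""


def _parse_ip(token):
    """Return an ip_address for token (dropping an IPv6 %zone suffix), else None."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])
    except ValueError:
        return None


def extract_dns_servers(text):
    """Collect DNS server addresses from ipconfig /all or resolv.conf text."""
    servers = []
    in_dns_block = False  # inside the multi-line "DNS Servers" value of ipconfig
    for line in text.splitlines():
        stripped = line.strip()
        m = re.match(r"nameserver\s+(\S+)", stripped)  # resolv.conf entry
        if m:
            ip = _parse_ip(m.group(1))
            if ip:
                servers.append(ip)
            in_dns_block = False
            continue
        if "DNS Servers" in line and " : " in line:  # ipconfig header line
            ip = _parse_ip(line.split(" : ", 1)[1].strip())
            if ip:
                servers.append(ip)
            in_dns_block = True
            continue
        if in_dns_block:  # ipconfig lists extra servers as indented bare IPs
            ip = _parse_ip(stripped)
            if ip:
                servers.append(ip)
                continue
            in_dns_block = False
    return servers


def is_rogue(ip, rogue_ranges=ROGUE_RANGES):
    """True if ip lies inside any of the rogue ranges."""
    return any(ip in net for net in rogue_ranges)


def check_dns_config(text, rogue_ranges=ROGUE_RANGES):
    """Return (address, flagged) pairs for every configured DNS server."""
    return [(str(ip), is_rogue(ip, rogue_ranges)) for ip in extract_dns_servers(text)]


if __name__ == "__main__":
    for label, sample in (("ipconfig", SAMPLE_IPCONFIG), ("resolv.conf", SAMPLE_RESOLV)):
        for addr, flagged in check_dns_config(sample):
            print(f"{label}: {addr} -> {'ROGUE RANGE' if flagged else 'ok'}")
```

If any configured server is flagged, the machine is in the state step 1 is looking for and steps 2 and 3 apply. Remember that a clean computer that resolves through the router (the common home setup, where the only DNS server listed is the router's own address) will show nothing here even when the router's settings were changed; in that case the router's WAN DNS settings need the same comparison.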

Note:

If you still cannot connect to the Internet, please contact your ISP for assistance.


Reference

http://www.dcwg.org