Thousands still infected with DNSChanger malware


Thousands of Internet users with infected computers might lose their Internet connection from today as the DNSChanger malware kicks into action. The malware program has been in circulation and spreading rapidly since 2007 and makes changes to an infected computer’s settings so that it is forced to use illegal servers that redirect users to fake websites.


“Google has rolled out a program to notify people when it detects that their computer is trying to reach those temporary DNS servers,” wrote Cameron Camp, a security researcher with the Internet security firm ESET, in his blog.

Camp added that the search engine will warn users before they enter any information into fake websites. “If you use Google search, that will trigger the detection process and a message will appear saying that ‘you might be infected’, if Google detects those temporary DNS servers.”

While the malware is still infecting computers, officers from the FBI and Estonian police force captured a number of the malware’s creators in November last year.

Following the malware’s discovery and the arrests, the FBI received permission by way of a court order to use replacement servers, which allowed infected users to browse the web normally, but the court order expires today.

That leaves around 300 000 infected computers around the world with the potential to lose their connection and be redirected to fake websites. “Reaching victims is a very hard problem, and something we have had issues with for years,” said Johannes Ullrich, a researcher with the SANS Security Institute.

Charlie Fripp – Consumer Tech editor

1 COMMENT

  1. > Thousands of Internet users with infected computers might lose their Internet connection from today as the DNSChanger malware kicks into action.

    This is erroneous – DNSChanger isn't going to kick in today. What is happening is that the FBI-managed servers that have been helping the infected computers will shut down, making users incapable of resolving any names.
