The FBI has relaunched its campaign to warn that hundreds of thousands of individuals could lose access to the internet come July 9 unless they disinfect and remove the DNSChanger malware off their computers. Part of the new campaign is a website of the DNS Changer Working Group (DCWG) that helps users determine if their machine is infected with the DNSChanger malware.
The DNSChanger malware changes the DNS server settings of the computer, making it part of a botnet. The malicious DNS server setting causes web browser redirects so that the botnet owners were able to manipulate internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
In November 2011 the FBI seized the rogue DNS servers and replaced them with legitimate servers in the hope that users who were infected will not have their Internet access disrupted. These servers were originally to be kept online until March 8, but an extension was filed with the U.S. Court because a significant number of computers still remained infected. The extension is set to end on July 9 and it appears that there won’t be another one.
The DNSChanger Working Group posted a list of software, which includes HitmanPro, that can be used to fix, remove, and recover from DNSChanger malware: http://www.dcwg.org/fix/