The "DNSChanger" plot, which was reported to have netted Estonian fraudsters US$14 million, was cracked and the servers were taken over by the United States FBI in November. Since then, it has been keeping the servers running so as not to inconvenience computer users, but it will shut them down on July 9.
au &nz.http://www.acma.gov.au/WEB/HOMEPAGE/PC=HOME
au & nz.http://www.dcwg.org/
What is the DNS Changer Malware?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in "Operation Ghost Click". The criminals operated under the company name "Rove Digital", and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses.
au & nz.http://dns-ok.gov.au/
What is DNSChanger?
DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and otherwise interfere with their web browsing. It has been associated with 'click fraud', the installation of additional malware and other malicious activities.
In November 2011, the FBI closed down a ring of cyber-criminals believed to be responsible for the worldwide spread of DNSChanger.
This temporary solution is expected to be switched off as early as 9 July 2012. It is likely that users infected by DNSChanger will be unable to connect to the internet when the temporary DNS solution is switched off.
More information
General information about DNSChanger
External Links
FBI DNSChanger document (PDF)
FBI DNSChanger arrests
DNS Changer Working Group
Checking your computer
You can perform an automatic check of whether your computer is infected with DNSChanger by visiting the dns-ok.gov.au diagnostic website.
If you prefer to perform a manual diagnosis, you will need to check the computer.s DNS settings and the settings of any wireless access point or routers you may be using. The FBI provides the following instructions (PDF) for checking the DNS settings on a range of operating systems.
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
The malware secretly altered the settings on infected computers enabling the defendants to digitally hijack Internet searches and re-route computers to certain websites and advertisements.
“These defendants gave new meaning to the term, ‘false advertising.’
http://www.dcwg.org/cleanup.html
Home Users
Check to see if you are affected by visiting one of the following DNSChanger Check-Up Sites:
If you are not affected by DNSChanger then do nothing. You are done here.
If the Check-Up Site indicates that you are affected then either follow the instructions on that site or run one of the following free tools listed below to remove DNSChanger and related threats: