Check your DNS settings if you want to surf the web after 8th March

After a cybercriminal botnet was taken down by FBI, temporary DNSs set up to replace infected DNSs will be deactivated after 8th March. 

On Wednesday, the German Federal Office for Information Security (BSI) advised users to recheck DNS server settings on their computers. This recommendation is related to the successful botnet takedown – dubbed ‘Operation Ghost Click’ –  led by the FBI during November 2011.

The bad guys behind this botnet had infested approximately 4 million computers in more than 100 countries with malware called DNSChanger. This Trojan horse allowed them – among other things – to redirect requests of unsuspecting users to malicious or illegal destinations by altering their connection settings, namely the address of the DNS server. More detailed information on this scam can be found in a post by Stephen Cobb.

Now, what’s all the fuss about after more than 9 weeks, you might be wondering? Well, if you happen to be one of those “brave people” running their systems without any anti-malware protection, or if that protection hasn’t been – for whatever reason – triggered by this malicious code, your computer might still be infected. No need to panic – all the malicious DNS servers were replaced with correctly-operating systems during the takedown.

Having said that there are two good reasons to check your system anyway. The first and pretty obvious reason is that you don’t want any unwanted process running on your computer without your consent, right? The second is that if your PC is still infected you won’t be able to surf the Internet after 8th March 2012. How come? Those replacement DNS servers will be shut down on that day; it’s as simple as that.

There are more ways how to check whether your PC had been affected or not. For example, you can do so manually using a form on the official web of the FBI or by visiting one of the following sites, designed with support from the BSI – www.dns-ok.de (in German) or http://www.dns-changer.eu/en/check.html (also available in English). Also, information on how to proceed in order to clean an infected system is provided on these sites.

I think it’s worth the time, just to be sure. And even if you have dodged the bullet you might still know someone who would find this information useful.

Peter Stancik
ESET Security Expert


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s