Are you a victim of DNSChanger trojan?
If you can read this, and don’t see the display like the below, you can take a sigh of relief. However, if you see a notification, it means your computer has been compromised and infected by DNSChanger trojan :
The trojan was created by cyber criminals headquartered in Estonia which caused infected PCs and Macs to use rogue Domain Name Servers (DNS). When a person using a compromised machine tries to go to certain web sites, these servers redirect them to a spam or malware site.
DNSChanger is malware that was active for years and according to the Federal Bureau of investigation, it infected approximiately four million computers in 100 countries before its creators were arrested in November 2011. After the arrest, the FBI arranged for the Internet Systems Constorium (ISC) to deploy temporary DNS servers to give victims a chance to remove the trojan and restore normal DNS settings. But the arrangement is due to expire on July 9, 2012, when the clean servers will be turned off.
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (eg. a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware.
For more information, please visit DNS Changer Working Group (DCWG) (opens in a new window/tab) and FBI (opens in a new window/tab)
DNSChanger detector script courtsey: Cloudfare (opens in new window/tab)
