Friday 25 May 2012

Google alerts users to DNS malware - victims' Internet may shut down July 9




The number of DNSChanger-infected systems was at around 450,000 worldwide at the end of January, but remains at around 330,000 today. (Credit: DCWG)



Recently, an annoying piece of malware has been crawling the web that threatens DNS server settings and can prevent its victims from getting access to the Internet; no, this is not a drama. Even Google itself is warning people around the globe about this malware, known as "DNS Changer".

Google is now checking whether its users have this malware on their systems. Those who are affected see a warning on their Google search results page, along with a description of how their systems may not be able to connect to the Internet in the future; it says: "Your computer appears to be infected".

The DNSChanger malware is a Trojan horse infection that at its peak affected approximately 4 million PC systems worldwide, with about 500,000 of those being in the United States. When installed, the malware changes the system's DNS server settings to point to a rogue DNS network set up by the malware developers. 

The DNS network is essentially the phone book for the Internet, and allows the system to convert URL names such as "www.cnet.com" to the IP address for the Web site (a number that the computer and network devices can use). The effort behind the DNSChanger malware was to interfere with this IP address lookup routine and provide a false IP number to the computer. As a result, if you typed in the URL of a legitimate Web site, then the malware developers could redirect you to a fake Web site that tries to phish information from you, have you click on ads for revenue, or otherwise perform unwanted behavior.

In November 2011, the FBI and authorities from other countries arrested the crime ring behind the malware; however, they were faced with a problem about how to fix the millions of PCs that have been infected with the malware. For these systems, their DNS server settings will continually revert to point to the rogue DNS network, even if they are manually changed by the user. Therefore, in order to keep affected people online, the FBI kept the rogue DNS network active, and only converted it to be a legitimate DNS service.

This setup was intended to be a temporary fix while people removed the malware from their systems; however, the eradication of the malware has taken a lot longer than anticipated. The rogue servers were originally to be shut down on March 8, but by that time an estimated 450,000 systems were still infected so the shutdown date was pushed back to July 9.

Even with the criminal arrests and seizure of the DNS network over 6 months ago, an estimated 330,000 systems are still infected to this date, with about 77,000 of them being in the U.S.

This slow response for removing the malware is in part because users with the malware were not properly informed of the issue. Their Internet connections have continued to work just fine, so there has been no reason for them to suspect any problems.

As the July 9 shutdown deadline looms, these systems are in danger of losing their ability to resolve URLs to their respective IP addresses, and thereby lose their ability to connect to the Internet. Because this threatens the connectivity of thousands of PC systems, to help inform people of this malware threat, Google has implemented a service that determines if the rogue DNS network is being used by your computer, and then issues you the warning. 
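A local check in the same spirit, as an added example (not Google's method and not code from the original post): compare the DNS resolvers a machine is configured with against a list of rogue network ranges. The ranges below are RFC 5737 placeholders and the resolv.conf text is a constructed sample; the real rogue ranges must be taken from the official advisory.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not the real rogue
# DNSChanger networks. Substitute the ranges published in the official advisory.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf file, for illustration only.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 8.8.8.8        # outside every listed range
nameserver 198.51.100.200 # same /24 as a listed /25, but outside it
nameserver not-an-ip
search example.test
"""

def parse_nameservers(text):
    """Return the address token of every 'nameserver' line, comments stripped."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def rogue_resolvers(addresses, rogue_ranges=ROGUE_RANGES):
    """Return (address, matching_range) for each resolver inside a listed range."""
    hits = []
    for raw in addresses:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # not an IP literal; skip it rather than crash
        for net in rogue_ranges:
            if addr.version == net.version and addr in net:
                hits.append((raw, str(net)))
                break
    return hits

if __name__ == "__main__":
    for addr, net in rogue_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)):
        print(f"WARNING: resolver {addr} is inside listed range {net}")
```

`rogue_resolvers` takes plain address strings, so resolver addresses gathered from any other operating system's network settings can be passed to it directly.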


Well, in case you see this warning, there are a few things you can do on your own. They are -


So you had better keep an eye on your system. Remember one thing: although Google is very neat about its service, the warnings may persist even after removal of the malware. All the best.

