Are you going to be able to access the Internet come March 8th?
Most people I know are not avid readers of what goes on in the computer world, and even fewer bother to follow the computer security press and the various reports of new malware that now arrive every day. Following computer security issues as we do, it should come as no surprise that a new Trojan is becoming passé, to the point where we have to continually remind ourselves that vigilance is vital to protecting computers, the networks they are on, and what is stored on the devices on the Internet. So it’s a real treat when an old piece of malware makes a comeback, either in a new form or in a way that is unexpected.
Today, I want to briefly discuss an interesting comeback of an old Trojan that makes its reappearance in an unexpected way. DNSChanger is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for scammers. In November of 2011, the FBI took over DNSChanger’s rogue servers and replaced them with clean DNS servers. In essence, all computers and devices that formerly got their DNS information from the Trojan’s server now get it from the clean DNS server that the FBI put into service instead. However, on March 8th of this year, the FBI will be shutting down the clean DNS servers it put up in place of the rogue ones.
So the obvious question to ask is what does this mean and how could it affect me…
What it means is that on March 8th, any machine still infected with the DNSChanger malware will be unable to get on the Web, send emails, or do anything else online. Instead, the PC or network device will not be able to get any DNS information from the IP addresses it has been pointing to, and will basically become a dead paperweight as far as usage is concerned.
While I believe that basically the FBI’s heart is in the right place, the fact that there really hasn’t been a lot of activity in the computer press to publish a fix for this problem, or to explain what could happen once the servers are shut off, tells me there is a real lack of concern from the FBI about what could happen once all those once-functioning Internet devices suddenly die and support groups, resellers, and vendors are overwhelmed with support requests. An Internet search shows basically two periods of activity on this subject: one in the summer of 2008, when the Trojan was first identified, and the second just in the last couple of months, about the ramifications of what will happen. In Internet time, two plus years is ancient history and therefore almost irrelevant. However, in the last month or so, while the solutions are there, the press has been slow to reopen the question of what effects the FBI’s actions will have on network devices. At least we get a roughly two-week warning, but I really think someone in the FBI needs to be reminded that they serve the citizens of the country and not themselves.
So now the question becomes: what can you do?
Rather than give you a massive list of links to follow, let Google, Bing, etc. do the work for us: do a search on DNSChanger. That will give you a variety of links to find out more about it, and also how to remove the Trojan if it still exists on your system. I would think that most malware cleaning software would have already completed this task for you. But you should also find some software tools which will adjust the DNS settings on your device so that you can surf and read your email again. One such tool is called AviraDNSRepair, which can be downloaded from Avira. One thing to remember is that if March 8th comes and you can’t get on the Internet, you are going to need something to reconfigure your DNS, so it may be a best practice to download it now and have it available if you should need it.
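As an added example (not from the original post or from any vendor's tool), here is one way to check ahead of time whether a machine's configured DNS servers fall inside a list of rogue ranges, using the text of a Unix resolv.conf or the output of `ipconfig /all`. The ranges and sample inputs below are constructed placeholders from the RFC 5737 documentation networks, and the function names are hypothetical; substitute the rogue ranges published in an official DNSChanger advisory.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Substitute the rogue DNSChanger ranges from an official advisory.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample inputs: a Unix resolv.conf and a slice of `ipconfig /all`.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 192.0.2.10
nameserver 203.0.113.53
"""
SAMPLE_IPCONFIG = """   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(token):
    """Parse a token as an IP address (IPv6 zone id dropped), else None."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def extract_resolvers(text):
    """Collect resolver IPs from resolv.conf text or `ipconfig /all` output."""
    resolvers, in_block = [], False
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"(?:nameserver\s+|DNS Servers[ .]*:\s*)(\S+)", s)
        # ipconfig lists additional servers on bare continuation lines.
        token = m.group(1) if m else (s if in_block else "")
        ip = _as_ip(token) if token else None
        in_block = ip is not None and (in_block or s.startswith("DNS Servers"))
        if ip is not None:
            resolvers.append(ip)
    return resolvers

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in extract_resolvers(text)
            if any(ip in net for net in ranges)]

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_resolvers(text)
        print(name, "ROGUE: " + ", ".join(hits) if hits else "ok")
```

If the only resolver listed is your router's own address, this check says nothing about the DNS servers the router itself is using. Since DNSChanger also changes router settings, look at the router's DNS configuration in its admin interface as well.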