From ZDNet – 4/27/2012
Summary: The DNSChanger botnet is long dead, fixes for the malware have been around for months, but over 350,000 users still haven’t fixed their computers or routers, so in July they’ll be knocked off the Internet.
DNSChanger is a Windows and Mac Trojan that’s been around since 2007. It caused Windows PCs and Macs to use rogue Domain Name System (DNS) servers. First, it changed your computer’s DNS server settings to replace your ISP’s good DNS servers with rogue DNS servers operated by the criminal. Then, it tried to compromise your routers and home gateways. It did this by using the default user names and passwords for small office/home office (SOHO) dynamic host configuration protocol (DHCP) servers. If successful, DNSChanger switched your router or gateway’s default DNS servers to the rogue DNS servers. This in turn would make all the PCs on your LAN go to the corrupt DNS servers. This way a single infected system could compromise every PC on a network, even if those PCs weren’t infected themselves.
Then, when you tried to go to a popular Website, like Amazon or iTunes, instead of seeing the content you expected, you’d see large advertisements or be rerouted to spam or malware sites. Adding insult to injury, DNSChanger also blocked access to anti-virus sites to prevent the removal of the malware.
Back in November, in Operation Ghost Click, the FBI shut down the botnet behind DNSChanger. In the meantime, every major anti-virus company has updated its programs to find and smash DNSChanger. So why, in April, is it still a problem?
Click here for the full article on the DNSChanger botnet from ZDNet.
Click here for the Official FBI notification.
Click here to check whether or not you could be affected.
Click here for instructions on how to remove the infection.
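The kind of check described above compares a machine's configured DNS servers against the published rogue ranges. The sketch below is an added example, not code from ZDNet or the FBI: it parses resolv.conf-style text and classifies each resolver. The function names are hypothetical, and the network ranges are placeholders from documentation address space that must be replaced with the ranges in the official FBI notification.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue ranges.
# Assumption: replace them with the ranges listed in the official FBI notification.
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolver configuration; not taken from a real host.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
nameserver 10.0.0.1
; legacy comment style
nameserver fe80::1%eth0
nameserver not-an-ip
search example.lan
"""


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses from resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then look for 'nameserver <address>'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def check_resolvers(servers, rogue_networks=ROGUE_NETWORKS):
    """Classify each resolver as 'rogue', 'ok' or 'invalid'."""
    results = {}
    for server in servers:
        try:
            # An IPv6 zone id such as '%eth0' is not part of the address itself.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            results[server] = "invalid"
            continue
        hit = any(addr.version == net.version and addr in net for net in rogue_networks)
        results[server] = "rogue" if hit else "ok"
    return results


if __name__ == "__main__":
    for server, verdict in check_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)).items():
        print(f"{server}: {verdict}")
```

Because DNSChanger also rewrote router and gateway settings, the DNS servers shown on the router's configuration page need the same comparison, not just those on each PC.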
To find out how ingenuIT can protect your small business from all forms of malware, please click here.