Right now there are currently over 450,000 computers, including half of the Fortune 500 companies and over 50% of government entities that are still infected with the DNSChanger malware. DNSChanger [read more about it] is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal advertising revenue for the scammers. Sounds scary, right?
Well it was pretty scary. Thankfully, in November 2011, the FBI took over the botnets rogue servers and shut down the malicious servers and replaced them with the FBI’s own. However, that was just a temporary solution until everyone could fix their computers and remove the infection. And now, time is up on the temporary solution.
On March 8th, 2012 the FBI will be shutting down the servers they put up in replacement of the rogue ones. This means if your computer is still infected with DNSChanger, you will be unable to access the Internet starting March 8th. More specifically, you will not be able to surf the web, check or send emails, post to Twitter or Facebook, or anything that requires an Internet connection.
So how do you know if you are infected? Well, for starters, you need to check your DNS settings. If your DNS settings match any of the following IP Addresses listed below you need to change them.
- 18.104.22.168 – 22.214.171.124
- 126.96.36.199 – 188.8.131.52
- 184.108.40.206 – 220.127.116.11
- 18.104.22.168 – 22.214.171.124
- 126.96.36.199 – 188.8.131.52
- 184.108.40.206 – 220.127.116.11
If your DNS settings match those IP’s, you need to change them. I recommend using OpenDNS. OpenDNS is a great DNS provider that has a bunch of added security features.
OpenDNS provides several tutorials (for every operating system) on how to check your current DNS settings and then change them to use OpenDNS. You can find the tutorials right here — simply pick your operating system and follow the instructions.
Once you have checked and changed your DNS settings, be sure to download, install, update, and run a scan with Malwarebytes’ Anti-Malware to ensure that your computer is 100% clean of the infection.
Lastly, make sure you read my article on how to stay secure online for more information to prevent infections in the future.
UPDATE: While the FBI has extended the date until the servers are turned off, I still recommend following the advice above as soon as possible.