April 23, 2012

A Reminder About the "DNS Changer" Trojan

There's been a lot in the news today about the DNS Changer trojan, still likely affecting vast numbers of PCs and Macs. With the renewed push to remind users what's at stake, I wanted to very quickly provide a recap and a list of useful resources regarding this important issue.

DNS Changer has been around for close to five years, but last November a massive effort by the FBI and others resulted in a number of arrests and the seizure of the associated server systems.

At its peak, an estimated 14 million computers were involved globally.

What's particularly insidious about this situation is that users' systems could be infected with DNS Changer for long periods, with their Internet activity diverted through compromised DNS servers and exposed to even more infections, without the users ever being aware of what was happening.

When the related server systems were seized, it created a quandary. If the servers were simply disconnected, all user systems currently infected with the trojan would no longer resolve Internet domain names to addresses, and would for all practical purposes be "cut off" from the Internet.

While it is relatively straightforward to solve this situation if you know the procedure and have the necessary information, fixing this is not something that is obvious to most users.

So it was arranged for "clean" DNS servers to temporarily replace the nasty ones, originally until last month, and then extended to July 9. This kept users with contaminated systems from losing most Internet connectivity, but didn't actually remove the trojan, either.

So barring another court extension, systems that are still infected with DNS Changer on July 9, that is, systems where the Trojan has not been cleaned out and the DNS settings repaired, are going to lose their address resolving capabilities, and that means they won't be able to access websites in the normal manner.

Whatever your location (this attack was not limited to the U.S. alone), it is important to verify that your systems, both PC and Mac, are free of DNS Changer as soon as possible. Don't wait for the deadline!

Here are some useful resources to help with this:

A good overview article from PC World provides a lot of background information and additional links.

The DNS Changer Check-Up site will give a quick "green" or "red" status on your system, though it is not guaranteed to be 100% accurate since ISP-based actions to deal with this situation may fool this test.

The official FBI page explaining the Trojan and more details regarding what was known as "Operation Ghost Click" is also definitely worth visiting.

The important thing to remember is that while you have a couple of months before the actual shutdown that will affect infected systems, you should act now to make sure your systems are clear of DNS Changer, and avoid being unpleasantly surprised down the line.

If you have any additional questions, please drop me an email and of course I'll try to be of assistance.

Take care, all.


Posted by Lauren at April 23, 2012 08:36 PM