HOW TO: protect your PC against DNSChanger malware
Next week is Cyber Security Awareness week, so it’s a good time to make sure we’ve all got the necessary security controls and anti-virus software in place, and that our computers and the personal information we store on them are protected.
One of the most virulent pieces of malicious software (malware) to emerge in recent times is DNSChanger, with an estimated four million users affected worldwide.
The DNSChanger malware can alter a PC’s Domain Name System (DNS) settings, and potentially the settings of devices such as cable and ADSL modems. As a result, Internet queries are directed to unintended and potentially illegal sites via rogue DNS servers, which were controlled by a sophisticated ring of Estonian hackers. Following a two-year investigation, the FBI cracked the hacking ring and replaced these rogue servers with legitimate (albeit temporary) ones, so people could browse the Internet as normal.
On July 9 2012, the FBI is required to deactivate these legitimate servers, so anyone who has a computer infected with DNSChanger will no longer be able to browse the Internet. The story behind the DNSChanger malware is intriguing and although it sounds like a sci-fi movie, the reality is these situations are increasingly commonplace. Everyone who uses a computer or device that accesses the Internet needs to take responsibility to ensure they’re not infected.
You may not notice anything when you’ve been infected by DNSChanger, but it does change the DNS (domain name system) settings on your computer. DNS is an Internet service that translates domain names (or Internet addresses) into IP (Internet protocol) addresses – effectively acting like a massive address book that directs you to the site you’re after.
So with 9 July looming as a potential Internet doomsday, have you checked to see if you are infected?
How to self-check if you’re infected
The good news is it’s really easy to check if you’re infected with the DNSChanger malware by visiting ACMA’s website. If you’re safe you’ll see a green icon; if you’re infected you’ll see a red icon. It’s a good idea to visit this website from all the computers you use.
How you can fix your infected computer
If you are infected, there are two things you need to do: remove the DNSChanger malware and correct your DNS settings.
DNSChanger removal tool
Microsoft’s Malicious Software Removal Tool (MSRT) is a free downloadable application that can scan a computer and remove common viruses and malware, including the DNSChanger malware. Once you’ve scanned your computer, it’s important to visit the ACMA website again; if you still see the red icon that indicates you are infected, you may need to correct your DNS settings.
Correcting your DNS settings
Your computer’s DNS settings can be found in your computer’s control panel and the way you change them depends on which operating system (e.g. Windows XP, Windows 7) you’re using. The DNS settings you should use are also generally provided by your Internet Service Provider. BigPond’s DNS settings are available on BigPond.com as well as some instructions for checking with Windows XP/2000 and Vista.
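One way to check a Windows PC’s DNS settings without clicking through the control panel, as an added example that is not part of the original post: the script reads the text output of `ipconfig /all` and flags any configured DNS server that falls inside a list of rogue ranges. The ranges and the sample output are constructed placeholders, and the function names are this example’s own.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real indicators.
# Replace them with the rogue DNS server ranges for DNSChanger before use.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.0.15(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)\s*$", line)
        # Extra servers appear alone on indented continuation lines.
        cont = re.match(r"\s+(\S+)\s*$", line) if in_dns else None
        match = first or cont
        in_dns = bool(match)
        if match:
            try:
                # Strip an IPv6 zone id such as %11 before parsing.
                servers.append(ipaddress.ip_address(match.group(1).split("%")[0]))
            except ValueError:
                in_dns = False  # not an address: the DNS block has ended
    return servers

def rogue_servers(ipconfig_text, rogue_ranges=ROGUE_RANGES):
    """Return configured DNS servers that fall inside any rogue range."""
    return [ip for ip in dns_servers(ipconfig_text)
            if any(ip.version == net.version and ip in net for net in rogue_ranges)]

if __name__ == "__main__":
    hits = rogue_servers(SAMPLE_IPCONFIG)
    label = "Rogue DNS servers configured:" if hits else "No rogue DNS servers found."
    print(label, [str(h) for h in hits])
```

A clean result only covers the PC’s own settings; the DNS settings on a cable or ADSL modem need to be checked separately.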
How Telstra is helping…
BigPond customers that are infected won’t lose access to the internet on 9 July. Telstra is engineering a temporary network solution to redirect Internet traffic away from the FBI servers targeted for deactivation. The redirection is temporary, but will give us more time to contact these customers and help them to remove the malware and fix their DNS settings.









