On Monday July 9 many of the computers still infected by the DNSChanger trojan horse malware will be disconnected from the Internet. Be warned, online blackouts are never fun.
DNSChanger is a trojan horse malware that began infecting machines around 2007. It worked by changing a computer’s DNS settings so that all traffic was redirected to rogue servers operated and controlled by cyber-criminals. Victims would be taken to malicious websites full of suspect adverts, and clicking on these ads could pass personal information on to the gang.
It was a masterful coup that ran for four years, at which point the scammers alleged to be behind the malware were caught in November 2011. There turned out to be a number of variants of DNSChanger, all of which worked in the same way. A joint operation by U.S. and Estonian authorities called Ghost Click eventually took them all offline.
It was at this point that a federal judge in New York ordered temporary servers be kept in place to prevent those users unknowingly affected by DNSChanger being forced offline. But that temporary fix, meant to enable the last enclave of infected machines to be fixed, ends on July 9. At 00:01 EDT on Monday the temporary servers will be switched off, leaving people without access to the Internet.
Around 250,000 computers are still thought to be infected by DNSChanger, although how many of these are still being actively used isn’t clear. Some Internet providers have put provisions in place, but either way now is the time to find out if you’re infected and, if so, fix the problem.
This can all be achieved by visiting the DNS Changer Working Group (DCWG) website which contains all the information and tools you’ll need to remedy the problem. If you don’t ensure your PC is free from the DNSChanger malware then this could be the last article you read online for some time.