Are you infected? DNSChanger Overview
Malware is a constant source of anxiety to any computer user. Not only can it slow down your computer, but it can fool you into giving away personal data or purchasing phony products with your credit card.
In today's world, most computer users are non-technical consumers. This is similar to how we are all electricity consumers. We use power but don't necessarily worry about the details of how power is generated and distributed. We just know that it works and leave the details to the experts. Since electricity is so dangerous, there are mandatory safeguards that have to be followed.
Much like power utilities, regulated industries like financial and medical are required to safeguard your data or be fined severely. Personally, you don't have to protect your computer, but if you don't hackers and identity thieves can ruin your life. Your best protection is to be an educated consumer so that you are aware of threats and put in the proper safeguards. Computer safeguards are spam and content filtering, virus and malware protection and most importantly, knowledge.
If you are not trained in computers, much of the terminology is confusing. Regardless of the discipline, when you simplify a complex topic to make it understandable to a general audience some of the essence will be lost. This is unavoidable. So when you read something that is written for universal consumption, experts will argue and take exception over the details and still the audience may be confused. This is exactly what is happening in the DNSChanger discussion. If you read about DNS malware and still don't know how to check for an infection, please contact an IT expert. Although the effects of DNSChanger can now be easily fixed, you may unsuspectingly have other infections.
When the FBI discovered the computer fraud ring in Operation Ghost Click, the number of compromised computers was so great they replaced the scam servers with legitimate servers. This was to give users a chance to remove the infection before the FBI removed the DNS addresses. The replacement servers are set to be retired on July 9, 2012.
Since DNSChanger hijacked your PC and pointed your computer to fake sites meant to steal from you and further infect your computer, you have to take action to ensure that your computer is clean. DNSChanger is a particularly obstinate infection, but it can be removed.
The first step is to see if you are infected. Go to www.fbi.gov or www.dcwg.org. If you have any concerns, ask an expert before proceeding.
If you are infected, you need to fix your computer. There is a list of free tools available at www.dcwg.org.
Still need advice, feel free to email me at email@example.com.
DCWG - DNS Changer Working Group was created to help remediate Rove Digital's malicious DNS servers. Go to: www.dcwg.org
DNS - Domain Name System is what converts the number addresses for computers to named addresses for humans. For instance, 188.8.131.52 is lansystems.com.
Here is a little more detail on how the FBI busted them in Operation Ghost Click. Excerpted from www.fbi.gov.
11/09/11 Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised-or that the malicious software rendered their machines vulnerable to a host of other viruses.
Details of the two-year FBI investigation called Operation Ghost Click were announced today in New York when a federal indictment was unsealed. Officials also described their efforts to make sure infected users' Internet access would not be disrupted as a result of the operation.
As part of a federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted.
It is important to note that the replacement servers will not remove the DNSChanger malware-or other viruses it may have facilitated-from infected computers. Users who believe their computers may be infected should contact a computer professional. They can also find additional information in the links on this page, including how to register as a victim of the DNSChanger malware. And the FBI's Office for Victim Assistance will provide case updates periodically at 877-236-8947.