Count Down to D-day (Jul-9) for DNSChanger Victims
Do you remember the DNSChanger malware? It infected 4 million computers around the world. The criminals behind DNSChanger altered the domain name server settings of the infected computers or broadband routers to point to attacker-owned domain name servers. This causes the victims to visit specific malicious websites unknowingly. HKCERT reported on this botnet malware in more detail in its security blog in early March this year.
Image courtesy: DCWG
The D-Day is July 9
Although the FBI took down the botnet behind DNSChanger in November 2011, the victims' computers and broadband routers are still using the DNS servers that were controlled by the criminals. To prevent the victims from losing their Internet connection after the DNSChanger botnet takedown, the U.S. District Court appointed ISC to temporarily take over the domain name servers controlled by the criminals. The ISC temporary servers will be shut down on July 9, 2012. The DNS Changer Working Group (DCWG) still finds 0.3 million infected computers or broadband routers in the world. You must act now to check if you are affected!
If your computer or broadband router is infected with the DNSChanger malware, it may have the following impacts:
- The victim's computer may visit malicious websites, including phishing websites or other malware-hosting websites. These websites may steal the data on the computer or even take control of the computer.
- Starting from Jul 9, 2012, the victim's computer or broadband router will not be able to resolve domain names, and therefore it cannot access the Internet.
To find out whether your computer or broadband router is infected with the DNSChanger malware, follow the three steps below to check, clean up and restore:
3 steps to remove DNSChanger malware
- Check
  Please use a web browser (e.g. Chrome, Firefox, Internet Explorer etc.) to visit the testing website below:
  http://www.dns-ok.us/
  If your computer cannot visit the above website, please follow the instructions on the website below to check manually:
  http://www.dcwg.org/detect/
- Clean up
  Please use the free online malware scanner websites or the malware scanners listed on the HKCERT website to clean up your computer:
  - For Microsoft Windows
    https://www.hkcert.org/security-tools#SecDefTools
  - For Apple Mac OS
    https://www.hkcert.org/security-tools#SecDefTools
- Restore
  Please use the utility or manual restore method below to reset the domain name server settings:
  - For Microsoft Windows
    - DNS Repair Tool
      http://www.avira.com/files/support/FAQ_KB_Download_Files/EN/AviraDNSRepairEN.exe
    - Or manual method
      http://support.microsoft.com/kb/305553
  - For Apple Mac OS
    - Manual method
      http://support.apple.com/kb/PH4318
  - For broadband router
    We suggest following the documentation provided by the vendor to reset the DNS server settings and to change the password of the default administrator account.
Note:
If you still cannot connect to the Internet, please contact your ISP for assistance.