Skip to main content

HKCERT Reminder on DNSChanger Infection Clean-up Deadline

Release Date: 27 Jun 2012 4048 Views

Businesses and members of the public should check their computers for DNSChanger infection and take remedial measures before 9 July, or will risk losing their Internet connectivity, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) warns.

HKCERT today (27 June 2012) issued an advisory highlighting three steps to assist computer users to check their machines; then disinfect and restore, if being infected (/my_url/en/blog/12062701).

Active since 2007, the DNSChanger malware changes the Domain Name System (DNS) settings of its victims, connects them to a rogue DNS server set up by hackers, and re-routes their traffic to suspicious and fraudulent websites. Last November, authorities in the US took down the rogue DNS server and replaced it with a temporary DNS server until 9 July 2012 to give victims time to fix the problem.

Mr Roy Ko, Manager of HKCERT, said, “Affected computers which have not fixed the problem by 9 July will lose their access to the Internet. In our recent proactive information security monitoring operation, HKCERT found that more than 310,000 machines have been infected with the DNSChanger malware globally. Over 800 machines are known to be infected in Hong Kong even though the actual number could be much higher.”

He said, “HKCERT has liaised with local Internet service providers (ISPs) to locate the infected computers to fix the problem. However, only a handful of them have done so. Computer users are urged to check their machines now. If being victimized, disinfect the machines and restore the correct DNS settings.”

HKCERT will continue to monitor the situation, send out alert on the latest updates, and work closely with ISPs to tackle the issue. Internet users are reminded to maintain their security patches up to date, use anti-malware solutions, and not to visit any suspicious websites.

For incidents reporting or enquiries, please contact the HKCERT hotline at tel: (852) 8105 6060, or email: [email protected].