On March 8, computers infected with a certain piece of malware may no longer be able to access the Internet.
In November of 2011, six Estonian nationals and one Russian national were charged with infecting more than four million computers with the DNSChanger malware.
According to the Federal Bureau of Investigation, at least 500,000 of the infected computers were in the United States and included computers at U.S. government agencies such as NASA as well as educational institutions, non-profit organizations, commercial businesses and individuals.
The malware rerouted computers to specified websites and advertisements that resulted in fees being paid to the perpetrators. The malware also prevented users of infected computers from being able to install anti-virus software or operating system updates.
“Remediation efforts were immediately undertaken to minimize any disruption of Internet service to the users of computers infected with the Malware,” an FBI press release stated. “This remediation was necessary because the dismantling of the defendants’ rogue DNS servers—to which millions of computers worldwide had been redirected—would potentially have caused all of those computers, for all practical purposes, to lose access to websites.”
A Manhattan federal court judge granted an order allowing the defendants’ rogue DNS servers to be replaced with legitimate servers for a period of 120 days, during which infected machines could be rid of the malware. That 120-day period ends March 8, and many machines remain infected.
ITPro reports half of all Fortune 500 companies remain infected and several major government agencies still have at least one infected machine.
The affected companies face a very serious problem, according to Krebs on Security: “Computers still infected with DNSChanger are up against a countdown clock … Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.”
Mario Aguilar of Gizmodo reports that detecting the DNSChanger Trojan is a straightforward exercise.
“Basically, you want to check your DNS connection against those known to be used by the trojan. If you point your browser to dns-ok.us, the website will run a quick check to see if you're all right,” Aguilar wrote.
Additionally, the FBI has posted detailed instructions for detecting the malware on its website as well as a warning:
“In addition to directing your computer to utilize rogue DNS servers, the DNSChanger malware may have prevented your computer from obtaining operating system and antimalware updates, both critical to protecting your computer from online threats. This behavior increases the likelihood of your computer being infected by additional malware. The criminals who conspired to infect computers with this malware utilized various methods to spread the infections. At this time, there is no single patch or fix that can be downloaded and installed to remove this malware. Individuals who believe their computer may be infected should consult a computer professional.”
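The check Aguilar describes, comparing the DNS servers a machine is configured to use against those known to be used by the trojan, can also be run locally. The following is an added example, not code from the article, Gizmodo or the FBI. The networks in ROGUE_RANGES are placeholder documentation ranges to be replaced with the rogue ranges listed in the FBI's instructions, and the resolv.conf sample and function names are constructed for illustration.

```python
import ipaddress

# Placeholder networks (RFC 5737 documentation ranges), NOT the real DNSChanger
# ranges: substitute the rogue DNS ranges published in the FBI's instructions.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample in resolv.conf format (not captured from a real host).
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search example.internal
nameserver 192.0.2.53
nameserver 203.0.113.10   # trailing comment
nameserver fe80::1%eth0
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return (addresses, rejected) from resolv.conf-style text."""
    addresses, rejected = [], []
    for raw in text.splitlines():
        # Strip '#' and ';' comments before looking at the directive.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        candidate = fields[1].split("%", 1)[0]  # drop any IPv6 zone id
        try:
            addresses.append(ipaddress.ip_address(candidate))
        except ValueError:
            rejected.append(fields[1])  # malformed entry: report, do not guess
    return addresses, rejected


def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """List configured resolvers that fall inside any listed rogue range."""
    addresses, _ = parse_nameservers(text)
    return [str(a) for a in addresses
            if any(a.version == n.version and a in n for n in ranges)]


if __name__ == "__main__":
    hits = rogue_resolvers(SAMPLE_RESOLV_CONF)
    _, bad = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("resolvers in listed ranges:", hits or "none")
    print("unparseable nameserver entries:", bad or "none")
```

A clean result from this check covers only the resolvers configured on the machine itself.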