ULM logo

ULM Computing Center

DNSChanger has come and gone...only now do the Fed's response make waves

No, it is not the end of the world....not yet at least. The malware, "DNSChanger" is problem software that has been around for years. The creators have long since been caught and jailed for such misbehavior and there has not been a new variant. So what is the problem now?
Some background

DNS or Domain Name Server is a computer established to translate people-friendly names such as google.com and cnn.com into computer-friendly numbers called IP addresses. Whenever a person types a web address into the browser, contact is made with a DNS server to traslate the name into a number and then take the user to the address where that web page lives. Most computer users have seen IP addresses in the form of the four numbers separated by periods (e.g. If the servers making the translation fail to operate properly, the requesting computer can often not find the pages requested by the user. The Internet seems to stop operating.

DNSchanger is "evil" software designed to replace these DNS server entries with substitutes that transfer the user to places that can sell you things things you cannot live without but would prefer to try. The malware infects a computer and attempts to send potential customers to places where they can buy these wonderful items. Other than extra adverstisements and random websites appearing, an average user may not know anything is wrong.
So why the problem now?

Well, when the Feds broke up the ring of miscreants that created the software, the sites they were using were seized. If the Feds took down the sites, people so infected would suddenly lose Internet because of the problem translating the numbers. Instead, they directed the server traffic to alternative servers setup by the government which were not a threat to anyone. Skip ahead to July 9....this is the day that the Feds take down their "temporary" servers. This means all the people infected for years who have done nothing about their problem will soon need to find a quick solution. After Monday, the Fed's site goes away.
How do I know if I am infected?

A simple test can be used to check for this DNSChange infection. Using your favorite browser, navigate to http://dns-ok.us/ . A green background means all is well, life is good, and you can rest easy come Monday. A red background means you need to have this problem fixed.
How can I fix my affected system
This website lists many resources that may be of use in restoring an infected system back to correct operation.
For more information, consult this website http://www.infoworld.com/d/security/drop-dead-date-looms-dnschanger-trojan-fix-197060?source=rss_security