Please pardon the intentionally alarmist title of this post, but I want to get your attention. By now, hopefully, you have heard of the DNSChanger virus and checked your computer(s) to see if you are infected. But if you haven’t, and you are one of the potentially 70 thousand people in the United States who have this malware, you need to check your computer and act quickly to prevent loss of Internet access next week.
The malware has its origins in Estonia where six people infected approximately 4 million computers with a trojan that intentionally redirected web searches to spoofed sites. Why did these cybercriminals do such a thing? Most likely because there is money to be made in online marketing, and by getting people to visit spoofed sites they inflated the clicks and got paid for the results. They also could have been seeking to further infect computers through other malware hidden on the spoof sites. In addition they might have wanted to steal passwords and other information by tricking people into entering information on the fake sites.
When the FBI located the cybercriminals it left their servers running to prevent loss of Internet access to 4 million people. Authorities then worked to notify everyone they could to help fix the problem. Unfortunately, they couldn’t reach anyone and the servers cannot be left to run indefinitely. So the time has come, and if you have the DNSChanger virus, you will find yourself with a computer that cannot access the web on Monday, July 9, 2012.
Fortunately, you still have time to check to see if your computer(s) are infected. The FBI has provided straight-forward instructions that you can follow. You can also ask an IT professional for help. Or if you want to take the easy path (and why not) just click on this link. Make sure you do so from all of your computers.
You should also check your router. PCMagazine provides instructions on how to do so.
Warning signs that you are infected include a computer that will not perform malware or operating system updates. You also might recall seeing searches that sent you to strange sites as late as November of last year.
If you are infected, there are a couple of things you can do. Here is some help from CERT in regard to how to deal with nasty malware like DNSChanger. Personally, I would make sure I had backups of all important documents and files, wipe my computer, and start over. If you are not comfortable with taking such a drastic step, you should take your computer to a professional IT person. In either case, make sure you have backups of your documents and other files.
If you find any of the links in this post slow to open, it is because many people are using the same sites to find help.