DNSChanger Trojan Causes Internet Disconnection on July 9

Wednesday, May 30, 2012

Computers still infected with DNSChanger after July 9 will no longer be able to connect to the Internet, so those affected need to act fast.

The problem dates back to November 2011, when the FBI seized and shut down about 100 servers that were infecting millions of computers with the DNSChanger Trojan. Infected machines had their Domain Name System settings altered so websites would redirect to servers controlled by the criminals. The scammers reportedly earned millions in affiliate and referral fees by diverting users through those sites.

The FBI wanted to shut down the rogue servers, but if they had, infected computers would have lost access to the Internet immediately. So the FBI got a court order to continue running the servers while people applied a patch. That court order was originally scheduled to expire on March 8, but was later extended to July 9. If infected machines are not fixed by then, their Internet connections will go dark after the servers are shut down. [1]

Google has added a link with directions for how to remove the software. PCMag's Security Watch blog also has more details on how to rid your machine of the malware, and the FBI has a tool that will let you check if your computer is affected.

If you think your computer may be affected or need assistance in removing this malware, contact the CIT Help Desk at cit@oberlin.edu or x58197.

Additional Information

More information on the DNS-changing malware can be found through fbi.gov.

[1] http://www.pcmag.com/article2/0,2817,2404799,00.asp