
DNS Changer malware: what you need to know

You may have heard about yet another new threat that’s making headlines today. As many news outlets have been reporting, with greater and greater urgency, there is a form of “malware” that’s been loose for some time but is about to make a much bigger impact on a lot of people’s lives. Basically, if you’ve got it, you’re not going to be able to get on the Internet after July 9th, because that’s the day the stand-in servers the FBI arranged under a court order get shut down.

Since a lot of the reporting I’ve seen locally has been… well, terrible… I thought I’d give you a quick run-down of what exactly is going on. Let’s start with the question on everybody’s mind:

WTF?

The “DNS Changer” pest has been “in the wild,” meaning actively making its way through public networks and computers, for quite a while under various names. Its purpose was basically to redirect users trying to get on the Internet to bogus websites so that its creators could collect click-through ad revenue. The FBI and police in Estonia arrested the perpetrators back in November 2011, but the investigators realized they had a big problem: if they simply shut down the servers that the malware was pointing to, everybody with the malware would get cut off from the web. The solution, under a court order, was to replace the crooks’ servers with clean ones at the same addresses (operated on the FBI’s behalf by the Internet Systems Consortium) that answer honestly, so infected machines keep working while people clean up.

All well and good, but there’s still a ton of computers (estimates are in the half-million neighborhood) with that malware on them, and the FBI can’t keep those servers running forever. July 9th, 2012 is the cut-off date, so if you’ve got this little beastie running on your box, you’d better do something fast.

Malware? Is that like a virus?

Yeah, sorta.

“Malware” is the umbrella term: any software written to do you harm. A virus is one particular kind of malware, the kind that copies itself into other programs or files and spreads on its own. DNS Changer isn’t a virus in that sense; it’s a Trojan, the kind of malware that covers itself with a veneer of legitimacy by talking you into installing it voluntarily (in this case, it was passed off as a video codec or player update you supposedly needed to watch a clip). Many veteran PC users will remember all those “start-up applications” that ran their PCs into the ground years ago. Stupid crap you thought you were being smart by installing. And by the way, it’s pronounced “male-ware,” not “mall-wear,” damnit. Think “malevolent” or “malignant.”

Regardless of the definition or how you got it, the point is: it sucks.

What is DNS and why did it change?

Ah, DNS, our old friend! Cornerstone of the Internet and so effective that most people never hear the term. This is especially clear when watching and reading local news on the subject, sadly.

DNS means Domain Name System, and essentially, it’s the phone book of the Internet. Every domain name, such as dragonflyeye.net and bangin-midgets.org, refers to a computer or a network out there on the Internet, identified by a numeric IP address. But which one? Your computer doesn’t know the answer to that, so it relies on DNS servers to provide that information.

When you tell your computer to go to google.com, it actually asks one of these servers where google.com is, the server responds with the correct address, and away you go. Typically, your computer uses the DNS servers your Internet Service Provider (Time Warner, Frontier, etc.) hands it automatically when it connects, but it doesn’t have to: you, or any program running with enough privileges, can manually set a different set of DNS servers to contact. That one setting is all the malware needed to change.

What the DNS Changer did was exactly this: it changed the server that your computer points to from a legitimate one to one run by the criminals. Those illegitimate DNS servers answered most questions honestly, so nothing looked broken, but for the sites the crooks cared about they sent you to servers of their own that showed you the page you expected with the search results or ads swapped for ones that paid them. You know all those ads on Google’s search pages? People pay money for you to click on them. With the DNS Changer servers in the middle, the money that would normally go to Google and its advertisers went to the owners of those servers instead. With half a million computers still infected, even after anti-virus software has been removing it for months, they must have made a lot of money.
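To make the “phone book” concrete, here is a small DNS client in Python that builds a real A-record query and parses a real answer, then runs the same query bytes against a constructed honest reply and a constructed rogue reply. This is an added example, not code from the original post or from anyone involved in the case; the hostname and both addresses (192.0.2.80, 198.51.100.66) are made-up documentation values, and only `query_resolver` touches the network. The point it makes is the one the paragraph above makes in words: the client does nothing different, the only thing that changes is which server it was told to ask.

```python
import socket
import struct


def encode_name(name):
    """Encode a dotted hostname as DNS labels: a length byte before each label, then a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Standard recursive A-record query: 12-byte header (RFC 1035) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    return header + question


def skip_name(msg, offset):
    """Return the offset just past a name, which may be a 2-byte compression pointer (0xC0xx)."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length


def parse_a_records(msg, expected_txid=None):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:                                   # RCODE != 0 (NXDOMAIN, SERVFAIL, ...)
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(msg, offset) + 4              # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        offset = skip_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:  # A record, class IN
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def query_resolver(server_ip, name, timeout=2.0):
    """Ask one specific resolver (UDP port 53) for `name`. This is the only function that needs a network."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server_ip, 53))
        resp, _ = s.recvfrom(512)
    return parse_a_records(resp, expected_txid=struct.unpack("!H", q[:2])[0])


# ---- constructed sample exchange (no network): an honest resolver vs a rogue one ----

def build_response(query, addr, ttl=300):
    """Fake a resolver's answer to `query` that points the queried name at `addr`.
    Used only to construct the sample below; a real resolver builds this on its side."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]                                      # echo the question section
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, ANCOUNT=1
    answer = (b"\xc0\x0c"                                      # name: pointer back to offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)             # A, IN, TTL, RDLENGTH=4
              + socket.inet_aton(addr))
    return header + question + answer


def demo(name="www.example.com"):
    """Same client, same query bytes; only the resolver differs. Both addresses are constructed."""
    q = build_query(name)
    honest = build_response(q, "192.0.2.80")      # what the legitimate resolver says
    rogue = build_response(q, "198.51.100.66")    # what a DNS Changer resolver says
    return parse_a_records(honest), parse_a_records(rogue)


if __name__ == "__main__":
    print(demo())
```

If you want to see it against a live server, `query_resolver("192.168.1.1", "www.example.com")` asks whatever is at that address (your router, on most home networks) and returns the addresses it hands back; comparing that answer with the one from a resolver you trust is exactly the trick the dns-ok.us check relies on.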

And you can clearly see the long-term problem facing the FBI: if your computer is referring to the wrong “phone book” and that phone book goes away, where do you find all your beloved websites? You don’t. The stop-gap was to make the servers at those addresses report correct data instead of the bogus stuff while people had a chance to fix their systems. And again: the FBI will be turning these servers off completely on July 9th.

Awesome. Now what?

Now you need to find out if you’ve got the DNS cruft and if so, get rid of it. Don’t assume you’re safe just because you’re not on Windows: DNS Changer came in both Windows and Mac versions, and it could also rewrite the DNS settings on home routers that were still using the factory password. Here’s what to do:

  1. Run your antivirus software! I trust you have some, yes? Make sure it has been recently updated as well. Note that removing the program doesn’t necessarily put your DNS settings back the way they were, so check them afterwards.
  2. Failing that, there is a website, http://dns-ok.us , that will run a quick, software-free scan for you. It works by using a name that the rogue servers deliberately resolve differently, so the page can tell which servers you’re using without installing anything.
  3. DCWG.org has a resource page that will give you more information, including the list of rogue server addresses to look for.
  4. Finally, many ISPs including Time Warner are providing their own support. As a last resort, you might try calling them.
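If you’d rather check the setting yourself than trust a web page, the thing to look at is the address of the DNS server your machine is configured to use, and whether it falls in the ranges the rogue servers lived in. The Python below is an added example, not from the original post or from DCWG: it pulls the DNS server entries out of the text that `ipconfig /all` prints on Windows (or `/etc/resolv.conf` on a Mac or Linux box) and checks each one against the six address ranges the FBI published for the takedown. Those ranges are reproduced from memory of that FBI notice; confirm them against DCWG.org before relying on them. Both sample outputs are constructed, not captured from a real machine.

```python
import ipaddress
import re

# Rogue resolver address ranges published by the FBI for the DNS Changer takedown
# (reproduced from memory; the authoritative list was on DCWG.org, confirm there).
ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def is_rogue(server):
    """True if the resolver address falls inside one of the DNS Changer ranges."""
    addr = ipaddress.ip_address(server)
    return any(addr in net for net in ROGUE_RANGES)


def dns_servers_from_ipconfig(text):
    """Pull the 'DNS Servers' entries out of `ipconfig /all` output.
    Windows prints the first server on the labelled line and any others on
    indented continuation lines that contain nothing but an address."""
    servers, in_dns = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if "DNS Servers" in line:
            in_dns = True
            servers += IPV4.findall(line.split(":", 1)[-1])
        elif in_dns and stripped and " " not in stripped:   # continuation: address only
            servers += IPV4.findall(stripped)
        else:
            in_dns = False
    return servers


def dns_servers_from_resolv_conf(text):
    """Pull nameserver entries out of a Unix-style /etc/resolv.conf."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit(servers):
    """Return [(server, 'ROGUE' or 'ok'), ...] for the configured resolvers."""
    return [(s, "ROGUE" if is_rogue(s) else "ok") for s in servers]


# Constructed sample of `ipconfig /all` output on an infected machine (not a real capture).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.35
                                       85.255.112.52
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample of a clean /etc/resolv.conf (192.0.2.53 is a documentation address).
SAMPLE_RESOLV_CONF = """\
nameserver 192.168.1.1
nameserver 192.0.2.53
"""


if __name__ == "__main__":
    for source, servers in (("ipconfig", dns_servers_from_ipconfig(SAMPLE_IPCONFIG)),
                            ("resolv.conf", dns_servers_from_resolv_conf(SAMPLE_RESOLV_CONF))):
        for server, verdict in audit(servers):
            print("%-12s %-16s %s" % (source, server, verdict))
```

One caveat worth repeating: if the only DNS server your machine lists is your router’s own address (192.168.1.1 or similar), the check above tells you nothing yet, because your computer is asking the router and the router is asking whatever it was configured with. Log in to the router and run the same comparison on the DNS addresses in its settings page, since DNS Changer rewrote those on routers that still had the default password.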

Boilerplate preaching

I know you’ve heard this all before. But if you’ve got this little nasty, that is because you didn’t heed the advice. And hey: we all screw up from time to time. So… once more, this time with feeling:

Never install software unless you were planning on it. If something on the Internet tells you to install software in order to view content or improve your PC, that’s a red flag. Before installing anything from the Internet, you might first want to Google search the name of the application. If it even smells slightly off, there’s a blog post, a forum thread, or something else to wave you off. Most legitimate software that drives content on the Internet is going to be either pre-installed or easily recognizable: Flash, Acrobat, maybe QuickTime. Keep in mind, though, that DNS Changer itself spread as a fake video codec or player update, so get even those straight from the maker’s own site, never from a pop-up on the page you were trying to watch.

And for the love of god, people, use your anti-virus! Keep it up to date and make sure you run scans once in a while; most anti-virus software will let you schedule all of this to run without you. But that doesn’t mean you shouldn’t check in from time to time.