FBI, working group reboot effort to rid computers of DNSChanger

The FBI and a working group of security experts have relaunched their campaign to rid computers of the DNSChanger malware that still threatens to cut hundreds of thousands of users off from the Internet in July.

The ad hoc DNSChanger Working Group has a new website that links to instructions on how users and organizations can find and remove DNSChanger from their machines, along with updates on the effort. The FBI also has a Web page devoted to fixing the problem.

DNSChanger had infected as many as 4 million computers around the world as part of an Estonia-based clickjacking scheme the FBI busted in November 2011. The malware redirected infected computers to the ring’s servers, which then sent them to bogus sites, while also disabling anti-virus software.

After the FBI broke up the ring and arrested six of its principals, it received a court order to allow the Internet Systems Consortium to run temporary replacement DNS servers in place of the ring’s servers. Otherwise, infected computers would have had their DNS requests sent to servers that had been taken offline, effectively cutting them off from the Internet.

The original court order was to expire in March, but the FBI obtained an extension until July 9 to allow more time to clean infected machines.

A lot of progress has been made in ridding machines of the malware, and federal agencies have largely been cleaned of infections, but an estimated 350,000 machines could still be at risk. The new campaign is designed to raise awareness about the threat, so that users and organizations check for the malware and remediate the problem if it’s there.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Tue, Apr 24, 2012

Thanks for everyone's efforts to eliminate this serious problem.
