Have you checked your PC for DNSChanger? The clock is ticking.

Tens of thousands of computers in the United States are still infected with DNSChanger and, if you haven’t checked, yours could be one of them.

And if your computer is infected, you could be effectively cut off from the Internet on July 9. Fortunately, checking for an infection is easy and a fix is available — if users will take the time to find out.

“Cybersecurity is a shared responsibility, and each of us has a role to play,” Rand Beers, undersecretary for the Homeland Security Department’s National Protection and Programs Directorate, writes in a recent DHS blog post. His point is that, for all the work the FBI and DNSChanger Working Group has put into cleaning up the botnet and running substitute servers to protect users, the last chapter in this story falls to the individual.


Related coverage:

Poor follow-up left public vulnerable after FBI's DNSChanger bust

FBI, working group reboot effort to rid computers of DNSChanger


Users can test for a DNSChanger infection at the working group’s website. “In fact, I just tested my computer at home,” Beers writes, “the process was simple, straightforward, and only took a few minutes.”

And Beers’ time frame of a “few minutes” must include going to the site, reading the clearly written instructions, and then clicking on the link to check for infection. Because once you get to the page for detecting an infection and click on the link, the results come back instantaneously.

It’s a small step for people to ensure they don’t lose the ability to navigate the Internet come July 9.

DNSChanger was used in an Estonia-based clickjacking scheme that infected as many as 4 million computers around the world during its four years of operation. The malware redirected Domain Name System queries through servers run by the clickjacking group, manipulating advertising and sometimes disabling security software so that it was not detected and removed.

In all, the scheme generated more than $14 million in illicit fees for directing traffic to targeted sites between 2007 and November 2011, when the FBI busted the ring.

If the FBI had shut down the servers when they arrested the ring, those millions of infected computers would have been effectively shut off from the Internet, because their DNS queries would have been directed to servers that were no longer working. So the FBI received a court order to operate clean replacement servers using the IP addresses of the rogue servers, and named the nonprofit Internet Systems Consortium to run them.

The original court order covered 120 days and was set to expire March 8. But with millions of computers still infected as that deadline approached, the FBI got an extension until July 9. After that? The replacement servers get shut down and anyone with an infected machine could have their Internet browsing wind up at a dead end.

DNSChanger has largely been scrubbed from computers in government, industry and among individual users, but as of April 10, more than 84,000 computers in the United States, and several hundred thousand worldwide, were still infected.

That’s why Beers and DHS joined the FBI, and the DNSChanger Working Group is banging the drum to get people to check their computers. It is, as he said, a simple, straightforward process and well worth the effort, just to be sure.

In addition to the working group’s website, you can get additional information on DNSChanger at an FBI site dedicated to the subject.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.