Have you checked your PC for DNSChanger? The clock is ticking.

Tens of thousands of computers in the United States are still infected with DNSChanger and, if you haven’t checked, yours could be one of them.

And if your computer is infected, you could be effectively cut off from the Internet on July 9. Fortunately, checking for an infection is easy and a fix is available — if users will take the time to find out.

“Cybersecurity is a shared responsibility, and each of us has a role to play,” Rand Beers, undersecretary for the Homeland Security Department’s National Protection and Programs Directorate, writes in a recent DHS blog post. His point is that, for all the work the FBI and DNSChanger Working Group have put into cleaning up the botnet and running substitute servers to protect users, the last chapter in this story falls to the individual.


Users can test for a DNSChanger infection at the working group’s website. “In fact, I just tested my computer at home,” Beers writes, “the process was simple, straightforward, and only took a few minutes.”

And Beers’ time frame of a “few minutes” must include going to the site, reading the clearly written instructions, and then clicking on the link to check for infection. Because once you get to the page for detecting an infection and click on the link, the results come back instantaneously.

It’s a small step for people to ensure they don’t lose the ability to navigate the Internet come July 9.

DNSChanger was used in an Estonia-based clickjacking scheme that infected as many as 4 million computers around the world during its four years of operation. The malware redirected Domain Name System queries through servers run by the clickjacking group, manipulating advertising and sometimes disabling security software so that it was not detected and removed.

In all, the scheme generated more than $14 million in illicit fees for directing traffic to targeted sites between 2007 and November 2011, when the FBI busted the ring.

If the FBI had shut down the servers when they arrested the ring, those millions of infected computers would have been effectively shut off from the Internet, because their DNS queries would have been directed to servers that were no longer working. So the FBI received a court order to operate clean replacement servers using the IP addresses of the rogue servers, and named the nonprofit Internet Systems Consortium to run them.

The original court order covered 120 days and was set to expire March 8. But with millions of computers still infected as that deadline approached, the FBI got an extension until July 9. After that? The replacement servers get shut down and anyone with an infected machine could have their Internet browsing wind up at a dead end.

DNSChanger has largely been scrubbed from computers in government, industry and among individual users, but as of April 10, more than 84,000 computers in the United States, and several hundred thousand worldwide, were still infected.

That’s why Beers and DHS have joined the FBI and the DNSChanger Working Group in banging the drum to get people to check their computers. It is, as he said, a simple, straightforward process and well worth the effort, just to be sure.

In addition to the working group’s website, you can get additional information on DNSChanger at an FBI site dedicated to the subject.
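Because the malware works by pointing a machine's DNS settings at the rogue servers' IP addresses, a manual check comes down to comparing the configured DNS servers against those address ranges. The sketch below is an added example, not code from the article, the FBI or the working group; the ranges are placeholder documentation networks (RFC 5737) rather than real indicators, and the sample configuration text and function names are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation nets), not real indicators; substitute the published ones.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample inputs: a resolv.conf and an `ipconfig /all` excerpt.
SAMPLE_RESOLV_CONF = """\
nameserver 198.51.100.17
nameserver 203.0.113.53   # trailing comment
nameserver not-an-ip
"""
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       203.0.113.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(s):
    try:
        return ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def parse_resolv_conf(text):
    servers = []
    for line in text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()  # strip comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def parse_ipconfig(text):
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        value = m.group(1) if m else line.strip()  # continuation lines hold a bare address
        in_dns = bool(m) or (in_dns and _as_ip(value) is not None)
        if in_dns:
            servers.append(value)
    return servers

def check(servers):
    results = []
    for s in servers:
        ip = _as_ip(s)
        hit = ip is not None and any(ip.version == n.version and ip in n for n in ROGUE_RANGES)
        results.append((s, "invalid" if ip is None else "rogue" if hit else "ok"))
    return results
```

A "rogue" verdict means the resolver address falls inside one of the configured ranges; an "invalid" entry is worth a look as well, since it means the setting is not a usable address.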

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


Reader Comments

Thu, Jun 7, 2012 Mike Grand Rapids


1. Follow the link in the article

2. Click "Detect"

3. Click on the link on that page

Green Background = OK
Red Background = Problems

I think even the non-techies can handle this one. :)

If you had just followed the link in the article, you would have been done in less time than it took to ask. :)

Tue, May 15, 2012 Editor

Editor’s note: The DNS Working Group website http://www.dcwg.org/ has step-by-step instructions for checking manually, or you can do an easy, one-click check. Click on “Detect” on the home page and the instructions will walk you through it. Or, the easiest thing to do is paste this URL into your browser: http://www.dns-ok.us/ If it comes up green, you’re good (and it will tell you so). No software is downloaded when you take the test.

Tue, May 15, 2012

Is it possible to get a step by step on how to check the DNS Changer on any PC? It may be elementary to techies, but we non-techies shall be at a loss come July 2012. Thanks

Tue, May 15, 2012 Fred Brown Iowa

I haven't seen anything about this on local TV or news media. Other than this site there hasn't been any mention of the DNS Changer in months. Mr. Beers isn't doing a very good job of directing people to the site vis-à-vis the general public.
