In November of 2011, six Estonian nationals were arrested by the FBI for creating malware that infected computers worldwide. The malware, which was named DNS Changer, manipulated the user’s DNS settings and replaced the ISP’s good DNS servers with rogue DNS servers that were operated by the criminals. Since the criminals controlled the DNS servers, they were able to redirect users away from the intended destination site to a website filled with advertisements. The operation produced over $14 million of illegal profits and resulted in millions of infected computers in hundreds of countries.
In an effort to minimize the impact on infected computers, the FBI is temporarily “cleaning” the rogue DNS servers to ensure those users continue to have Internet access. However, the FBI does not plan to offer this service beyond July 9th and at that time those servers will be shut down. When the servers are shut down, computers that are still infected will immediately be unable to access the Internet.
An anonymous FBI source told CNN the following regarding the “Operation Ghost Click” investigation and the arrested hackers:
“They were organized and operating as a traditional business but profiting illegally as the result of the malware. There was a level of complexity here that we haven’t seen before.”
To check if your computer is one of the 300,000 remaining computers still infected with the DNS Changer malware, visit this FBI recommended site, which was developed by an industry leading team of experts. The simple tool does not require you to download software, make changes to computer settings, or perform a scan — all that is required is a simple visit. Once you visit the site, you will be presented with a green background if your computer is free of malware or a red background if your computer is infected. If the diagnostic site finds malware on your computer, simply follow the on-page instructions or go the “FIX” page.
Sources Include: CNN, DCWG.org, & FBI
Image Credit: Screencap of DNS-OK