Did you know that your Internet connection could be dropped on 8th March? The cause: a new type of malware (DNSChanger) that modifies your Internet connection settings and changes your DNS servers. Don’t worry, you can easily prevent and fix that.
Some background info
So… why does it matter that your PC is set up with the right DNS servers? A DNS server converts user-friendly web domains (ex: www.bullguard.com) into an IP address (184.108.40.206). Computers communicate with each other using those numbers; domain names were invented so that people can memorize them more easily. If a DNS server is down, the page will not load when you enter the domain name into the browser. Of course, you can use the IP (https://220.127.116.11/) but who can remember that?!
About DNS Changer malware
Unfortunately, cybercriminals have figured out that if they control the DNS servers, they control the websites you want to connect to. In this particular case, they created a new type of malware, called DNSChanger, whose job is to replace your DNS servers (usually provided by your Internet Service Provider) with rogue ones run by the criminals.
This virus has been around since 2007; it has infected millions of computers worldwide and stolen around $14 million from the infected users. The mechanism: using the bad DNS servers, the criminals redirect you to phishing websites, adware etc.
The good news is that, at the end of last year, the FBI succeeded in finding and arresting all the gang members behind this and found the location of the rogue servers. They had the good sense not to simply shut down the servers (and break the Internet connection for millions of users) but instead replaced them with legitimate ones.
Unfortunately, these will not be online indefinitely. Under the court's permission, the FBI can keep the servers online until 8th March. (The Bureau has applied to extend this safety net until 9 July.)
UPDATE: The federal court granted the Bureau another 120 days to keep running these Domain Name System servers, which were keeping hundreds of thousands, and possibly millions, of infected computers online. The deadline is now 9 July 2012.
What to do?
First of all, check if your DNS servers are among the rogue ones:
- 18.104.22.168 through 22.214.171.124
- 126.96.36.199 through 188.8.131.52
- 184.108.40.206 through 220.127.116.11
- 18.104.22.168 through 22.214.171.124
- 126.96.36.199 through 188.8.131.52
- 184.108.40.206 through 220.127.116.11
To do that, follow these steps:
- Click on START | RUN and type CMD in the Open: field, then click OK. This will open a black command prompt window.
- At the prompt type: ipconfig /all and press Enter
- This will show you lots of information about your network connection. Find the line that says “DNS Servers . . .”. If that line contains any address from the ranges above, you will need to change your DNS servers.
Also, you can use this quicker way provided by the FBI: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS or the DNS Ok tool mentioned by Alexander Uhde in the first comment.
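The manual check above can also be scripted. The following is an added example, not part of the original post: it parses saved `ipconfig /all` output (including the extra DNS servers that Windows prints on unlabeled continuation lines) and compares each server against inclusive "first through last" ranges. The function names, the sample output and the ranges are assumptions: the ranges are documentation placeholders to be replaced with the list above, and the parser expects English-language output.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation addresses), NOT the
# real DNSChanger ranges: replace them with the "A through B" list above.
ROGUE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.64", "198.51.100.127"),
]

# Constructed sample of English-language `ipconfig /all` output.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.70
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def dns_servers(ipconfig_text):
    """Return the IPv4 DNS servers listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and label.strip().startswith("DNS Servers"):
            in_dns, candidate = True, value.strip()
        elif in_dns and not sep and line.startswith(" ") and line.strip():
            candidate = line.strip()      # second and later servers have no label
        else:
            in_dns = False                # any other line ends the DNS block
            continue
        try:
            servers.append(ipaddress.IPv4Address(candidate))
        except ValueError:
            pass                          # IPv6 entry or other non-IPv4 text
    return servers


def rogue_servers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return the DNS servers that fall inside any inclusive range."""
    spans = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in ranges]
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(lo <= ip <= hi for lo, hi in spans)]


if __name__ == "__main__":
    print("Rogue DNS servers found:", rogue_servers(SAMPLE_IPCONFIG) or "none")
```

To check a real machine, save the output with `ipconfig /all > ipconfig.txt` and pass the file's contents to `rogue_servers`.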
After doing that, please make sure you regularly scan your computer with a trusted antivirus product.
Have you followed the above instructions? Did you find your DNS servers replaced?