How to know if DNSchanger virus will keep you offline on July 9

By: Ted Kritsonis

July 5, 2012

The malware known as DNSchanger was first reported back in 2007, and despite efforts to alert users to its presence after the hackers behind it were arrested last year, the virus could affect thousands of Canadians who won’t be able to access the Internet starting on July 9.

The malware has infected both Windows PCs and Macs, and there are an estimated 277,000 affected computers worldwide. About 64,000 of those are said to be in the United States, according to the FBI, but there’s no official tally on how many are based in Canada. The malware is particularly dangerous because it runs silently, and also slows down Internet usage and disables antivirus software, which could open the door to other malware.

After the FBI raided the group behind the malware in Eastern Europe, it realized that it couldn’t shut down the servers because infected computers would then be unable to get online. The Internet Systems Consortium (ISC), a non-profit company, took over migrating and maintaining the servers from the FBI earlier this year, but that will come to an end on July 9 when those servers are turned off.

What DNSchanger ultimately did was reroute traffic from infected computers by manipulating the Internet’s DNS (Domain Name System) service, which is essentially the identification system used to differentiate everything from website addresses to computer IDs. By tapping into that series of numbers, or IP addresses, the hackers could route traffic from infected computers to fraudulent phishing sites and online scams.

The threat of rerouting is gone now, but getting cut off from the Internet is likely to happen if your computer is infected. Facebook and Google have tried to help by displaying warning messages to those who might be on the list. Internet Service Providers (ISPs) like Bell, Rogers and Shaw should have also sent out notices about DNSchanger.

To find out if you’re one of the unlucky ones infected with the virus, the DNSchanger Working Group has set up a number of detection websites that you can find here. If you are infected, you can go here to remove the malware from your machine and give it a clean bill of health.

Before doing any of this, the Working Group suggests that you back up all your files, just in case you need to completely reinstall the operating system and give the computer a fresh start.

