DNSChanger Malware on Monday, July 9th, 2012

If you’ve browsed Facebook or Google lately, you may have come across a few articles with the warning that “millions of Americans will lose their internet connections” on Monday, July 9th. Some articles claim this so-called ‘DNSChanger’ malware is set to go off like a timed bomb; others claim the FBI is forcefully causing the shutdown. Regardless of the reason, there has been much concern about a possible internet outage this Monday, and whether or not it affects you both at work and at home. All of us here at NetCal would like to save you the headache, and break down the facts from the fiction.

Q: Is this issue real?

A: Yes, but the facts are greatly distorted.

The ‘DNSChanger’ malware is not lying dormant on your computer until Monday, and the FBI is not cutting off your internet access forcefully. The malware was real however, and may have infected your computer 4-5 years ago.

Computers use something called a DNS (Domain Name System) in order to translate ‘internet names’ into ‘internet numbers’. When websites like ‘www.google.com’ are typed into your browser, a request goes to a server which translates the name into the proper IP address ( Your computer is normally setup to acquire the DNS server automatically from your ISP (Internet Service Provider), or from a DNS server set up in your business.

The ‘DNSChanger’ malware, widely released in 2007, changed the settings on the computers it infected and redirected the DNS address to private servers run by scam artists and identity thieves. Instead of www.google.com translating to, it would translate to their private IP addresses instead!

The scam was so widespread (half a million computers infected in the US), the FBI was forced to get involved to shut the criminals down. The criminals were caught, their equipment confiscated, and computers were rid of the infection in record time. There was just one catch: Getting rid of the DNSChanger infection did not change the computer’s DNS settings back to normal!

The FBI decided to setup real DNS servers using the IP Addresses that the criminals used. In the end, even if you were infected by the malware, your internet access was no longer compromised. Fast forward 5 years later to 2012, and the FBI are now retiring these servers. As a result, the previously infected computers will be without DNS services.

Q: How can I find out if I was infected?

A: You can visit ‘dcwg.org’ and have your computer tested online.

Click on “Detect” towards the top and see if you are using the FBI’s DNS servers.

Q: How severe is this infection? Can it be fixed?

A: It is very quick to fix, and does not permanently harm any systems.


For more information please visit the following: