The DNSChanger malware does what it says in its own title, it changes the DNS settings of infected computers to use malicious ones instead. The Federal Bureau of Investigation (FBI) took action against the malware last November, and originally set a March 8, 2012 deadline to shut down the DNS servers.
Unfortunately, four months later, there are still close to 500,000 infected computers using the malicious DNS servers. Clearly, the owners of the computers have not the slightest clue that anything is wrong.
Those responsible for the DNS servers were using them to block antivirus programs and operating system updates, while also redirecting users to rogue servers to be defrauded. The FBI, realizing that so many machines were using the malicious servers, replaced them with valid DNS servers and set a deadline for users to restore their original DNS settings.
The FBI hosts a PDF file with information on the DNSChanger malware and associated botnet, while also giving you instructions on how to check if you were infected and restore DNS settings if needed. The PDF can be gotten from FBI.gov.
If you are not interested in reading the PDF, you can use the Avira DNS repair tool, available from here.
Written by: James Delahunty @ 9 Mar 2012 14:33