The malware is a DNS redirector, and at its peak infected over 4.2 million computers.
Last year, the FBI took down an Internet "fraud ring" via a sting operation dubbed "Operation Ghost Click." Six Estonian nationals were arrested after the operation, with the malware allegedly bringing them $14 million in revenue.
As DT explains, the malware worked as follows: "When you click on a link to a website or type in its URL, your computer sends a request to a DNS server, which translates the URL into the appropriate IP address. The IP address is sent back to your browser, which can then find the website in question. The DNSChanger would hijack the requests of infected users and redirect the requests to their own DNS servers. Their DNS servers would then translate the URLs into an illegitimate IP address and trick the browser into displaying a different website. Essentially, trying to access YouTube could send you to a porn site."
The ring made its money because redirected users were sent to the websites of the fraud ring's customers, who were paying for traffic from users who also clicked on ads.
Millions were infected, but the DNS Changer Working Group (DCWG) has cleaned all but 350,000 of the infected PCs.
Check here to see if you need to worry: http://www.dcwg.org/detect/
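A local version of that check, as an added example that is not from the original article or the DCWG: it reads resolv.conf-style text and classifies each configured DNS resolver. The rogue ranges and expected resolvers are constructed placeholders taken from the RFC 5737 documentation blocks, and the function names are this example's own.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), NOT the real
# DNSChanger ranges: substitute the published rogue ranges and the resolvers
# your network is supposed to hand out.
ROGUE_NETS = ["198.51.100.0/24", "203.0.113.0/25"]
EXPECTED_RESOLVERS = ["192.0.2.53", "192.0.2.54"]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Drop comments introduced by '#' or ';' before splitting into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, rogue_nets=ROGUE_NETS, expected=EXPECTED_RESOLVERS):
    """Label one resolver: rogue, expected, unexpected or invalid."""
    try:
        # Strip an IPv6 zone id such as %eth0 before parsing.
        addr = ipaddress.ip_address(server.split("%", 1)[0])
    except ValueError:
        return "invalid"
    if any(addr in ipaddress.ip_network(net) for net in rogue_nets):
        return "rogue"
    if addr in {ipaddress.ip_address(e) for e in expected}:
        return "expected"
    # Not known-bad, but not what the network should be using either:
    # a changed resolver is worth investigating even without a range match.
    return "unexpected"

def audit(resolv_conf_text):
    """Return (resolver, verdict) pairs for every nameserver line."""
    return [(s, classify(s)) for s in parse_nameservers(resolv_conf_text)]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sample
nameserver 203.0.113.10
nameserver 192.0.2.53
nameserver 203.0.113.200   # outside the /25 placeholder range
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{server:15} {verdict}")
```

On a host that does not use resolv.conf, feed the function the resolver list from the network adapter settings in the same `nameserver <address>` form.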
Written by: Andre Yoskowitz @ 22 Apr 2012 19:12