DNSChanger


Updated Nov 21, 2012 at 02:26AM EST by Brad.

Added Jul 06, 2012 at 06:14PM EDT by amanda b..


Overview

DNSChanger is a Trojan virus that was distributed between 2007 and 2011. Masked as a video codec, the program modified the computer’s Domain Name System (DNS) configuration to send users to a rogue server, which replaced normal advertising with advertising sold by Rove Digital[1], the Trojan’s distributor. In November 2011, the United States FBI seized the company’s servers, which are set to be turned off on July 9th, 2012. On July 2nd, 2012, F-Secure Labs[2] estimated that 300,000 unique IP addresses were still registered on the servers, leading many news sites and tech blogs to publish articles about a “DNSChanger Doomsday.”

Background

Forum posts about the DNSChanger virus began appearing as early as February 3rd, 2007 on the What the Tech?[3] forums. That year, more users posted threads expressing concern about the virus on the Search and Destroy forums[4] and Wilders Security Forums[5], and articles on how to remove it appeared on blogs including Security Ticker[6], My Anti Spyware[7] and F-Secure.[8] The following year, in December 2008, a blog post about the virus was published on the Washington Post[9] and shared on Reddit[10] the following day.


In November 2011, members of the United States FBI arrested six Estonian nationals in Operation Ghost Click[22], dismantling Rove Digital after more than 4 million computers across the globe had been affected.

Notable Development

After Rove’s rogue servers were seized, the FBI replaced them with legitimate servers so that affected users would not have their service disrupted. The FBI’s replacement servers returned correct DNS results for users whose computers still carried the trojan.[18] Originally, these servers were meant to be turned off in March 2012, but because 450,000 computers worldwide were still affected, the federal government granted an extension until Monday, July 9th, 2012.



DNS Changer Infections: 1/2012 to 3/2012

Malware Detector 

On July 4th, F-Secure released an estimate that at least 300,000 computers were still infected with the malware. As the deadline drew near, the FBI launched a website at DNS-ok.us where computer users can check their infection status, indicated by a green or red background.



Major internet companies like Google and Facebook, as well as U.S. Internet service providers (ISPs) like Comcast, COX, Verizon, and AT&T, also issued automatic notifications to users connecting through the rogue DNS network.



News Media Coverage

The FBI’s detector site and the warning quickly spread through the tech news blogosphere and online news sites, accompanied by sensational headlines suggesting there would be a massive internet blackout on July 9th. The intensive media coverage of a potential server outage came only days after a temporary blackout of major sites and online services like Reddit and Netflix, caused by Amazon’s data center outage and a technical bug known as the leap second glitch.



On Twitter

The hashtag #DNSChanger[11] has had an average of 30 tweets per hour[12] in July 2012. 







External References

[1]Wikipedia – Rove Digital

[2]F-Secure – Should the FBI be reauthorized to continue DNSChanger servers?

[3]What the Tech – Trojan DNS changer.hg, cant get rid of it

[4]Search and Destroy Forums – Win32.DNSChanger

[5]Wilders Security Forums – Trojan Win32 Dns Changer .ik -hard to believe

[6]Security Ticker – OSX Has It’s Own Zlob DNSChanger OSX.RSPlug.A

[7]My Anti Spyware – How to remove trojan DNSChanger/DNS hijacker (Redirect Virus/Trojan Fix)

[8]F-Secure – Trojan:OSX/DNSChanger

[9]Washington Post – A Scary Twist in Malware Evil-ution

[10]Reddit – A Scary Twist in Malware Evil-ution: Beware of DNSChanger

[11]Twitter – Results for #dnschanger

[12]Topsy – #DNSChanger

[13]PC Mag – DNSChanger Doomsday

[14]TPM Idea Lab – FBI’s Plan to Yank DNS Changer Servers Not ‘Doomsday,’ Here’s How To Stay Online

[15]Huffington Post – DNSChanger Malware May Knock Thousands Off Internet On July 9: How To Avoid It

[16]MSNBC – Last call to wipe DNSChanger before ‘Internet doomsday’

[17]FBI – DNSChanger Malware

[18]CNet – What the DNSChanger malware is -- and why you should care (FAQ)

[19]PC World – Protect Yourself From DNSChanger

[20]PC World – There Is No Excuse for Still Being Infected with DNSChanger

[21]TIME – DNSChanger: No, the Internet Isn’t Shutting Down on Monday

[22]FBI – DNS Malware: Is Your Computer Infected?

[23]Reuters – Virus could black out nearly 250,000 PCs

[24]Yahoo! News – Worldwide Internet Outage

[25]Tech Republic – Preparing for the DNSChanger Internet outage
