PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.
This submission is currently being researched & evaluated!
You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.
DNSChanger is a Trojan virus that was distributed between 2007 and 2011. Masked as a video codec, the program modified the computer’s Domain Name System (DNS) configuration to send users to a rogue server which replaced normal advertising with advertising sold by Rove Digital, the Trojan’s distributor. In November 2011, the United States FBI seized the company’s servers, which are set to be turned off on July 9th, 2012. On July 2nd, 2012, the F-Secure Labs estimated that 300,000 unique IP addresses were still registered on the servers, leading many news sites and tech blogs to publish articles about a “DNSChanger Doomsday.”
Forum posts about the DNSChanger virus began appearing as early as February 3rd, 2007 on the What the Tech? forums. That year, more users posted threads with concern about the virus on the Search and Destroy forums, Wilders Security Forums as well as articles on how to remove it appearing on blogs including Security Ticker, My Anti Spyware and F-Secure. The following year, in December 2008, a blog about the virus was posted on the Washington Post and subsequently shared on Reddit the following day.
In November 2011, members of the United States FBI arrested six Estonian nationals in Operation Ghost Click, dismantling Rove Digital after more than 4 million computers across the globe had been affected.
Since Rove’s affected servers were seized, the FBI replaced them with legitimate servers in hopes that affected users would not have their service disrupted. The FBI servers redirected the rogue ones to the correct DNS for those users with the trojan still embedded in their computer. Originally, these servers were meant to be turned off in March 2012, but due to 450,000 global computers still affected, the federal government granted an extension until Monday, July 9th, 2012.
DNS Changer Infections: 1/2012 to 3/2012
On July 4th, F-Secure released an estimate that at least 300,000 computers were still infected with the malware. As the deadline drew near, the FBI launched a website at DNS-ok.us where computer users can check their infection status by green or red color backgrounds.
Major internet companies like Google and Facebook as well as U.S. Internet service providers (ISP) like Comcast, COX, Verizon, and AT&T also issued automatic notifications to users accessing through rogue DNS network.
News Media Coverage
The FBI’s detector site and the warning quickly spread through the tech news blogosphere and online news sites, accompanied by sensational headlines suggesting there will be a massive internet blackout on July 9th. The intensive media coverage of a potential server outage came only days after temporary blackout of major sites and online services like Reddit and Netflix caused by Amazon’s data center outage and a technical bug known as the leap second glitch.
There are no videos currently available.