Tonight at 12:01 AM EDT (04:01AM GMT) Monday July 9th, the Internet is going to become inaccessible for nearly half a million people around the world because of malware called DNS Changer. If your computer is infected with DNS Changer, it won't be able to get on the Internet anymore. Here's how to get rid of it and make sure the Internet still works for you.
It's important to note that even though half a million blocked internet users sounds like a lot, that number is a pretty small subset of the entire world's Internet-connected population. Chances are you're not affected by this at all. Seriously, you're probably not. Really, you should be safe. But like any annoying virus, real or digital, it's a good idea to check yourself and your computer out anyway. Safe computing is underrated, you know. And plus, using your computer without the Internet is a sad existence: no more Facebook crawling, no more Gchat chatting, no more meme spotting, no more adult video watching. You don't want that to happen to you.
Checking if your computer has been infected with DNS Changer is dead simple: all you have to do is go to the FBI-run website DNS-ok.us right here. If the site is green and says you're good to go, you have nothing more to worry about. It's that easy. Remember, DNS Changer only affects PC and Mac OS X computers. If you're worried about your Linux computer or your mobile devices, don't be; they're in the clear.
If you're among the unlucky that are affected though, then you've got some fixing to do. According to FBI estimates, 64,000 computers in the United States will get screwed out of the Internet because of DNS Changer. You're not alone.
The way the malware works is that it redirects computers to rogue DNS servers instead of the normal servers specified by ISPs. DNS servers are like the translators of the Internet: they convert website names to IP addresses. They take the website names you put in, find that website's server and then connect you with that website. The DNS Changer malware was sending people to different, malicious servers without them even knowing.
The FBI saw what was happening and then stepped in, arresting the team behind DNS Changer and replacing the malicious servers that DNS Changer was redirecting computers to with new, clean and temporary servers. It was a band-aid solution that worked but will stop working on July 9th because those temporary FBI-run servers will be shut down by the courts.
The wonderful problem fixers at Naked Security have a good video explainer on what you should be looking for, how it got there and how to get it off your computer and your router. It's a good place to start for visual instructions on a fix.
Additionally, according to the DNS Changer Working Group (DCWG), you can use these tools to fix your computer too. These are free tools but most anti-virus software should work as well:
- Hitman Pro (32bit and 64bit versions)
- Kaspersky Labs TDSSKiller
- McAfee Stinger
- Microsoft Windows Defender Offline
- Microsoft Safety Scanner
- Norton Power Eraser
- Trend Micro Housecall
There is a possibility that you may have to reformat your hard drive and reinstall your operating system but let's hope one of those tools above can fix the problem before you have to wipe everything. DCWG's general instructions on cleaning your computer are important to follow in this situation too:
- The first thing you want to do is make a backup of all of your important files. You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.
- Either you or a computer professional that you rely upon and trust should follow the "self help" malware clean up guides listed below. The goal is to remove the malware and recover your PC from the control of the criminals that distributed it. If you were already thinking of upgrading to a new computer, now may be a good time to make the switch.
- Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct. If you're not using a new PC, you'll want to check that your computer's DNS settings are not still using the DNS Changer DNS servers. We hope to have some of our own instructions soon. Until then, the instructions and screen shots found in step 2 at http://opendns.com/dns-changer are quite good if you want to manually set your DNS settings. You also have the option to return to using your ISP-provided automatic settings by choosing the "automatically" option (Windows) or deleting any DNS servers listed (MacOS).
- After you have fixed your computer, you will want to look at any home router you're using and make sure it automatically uses DNS settings provided by the ISP. We'll have a document for this soon.
- Changing DNS is only one of the functions of the malware kits. The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media. It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts, especially saved passwords from your applications or web browsers.
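The DNS-settings check from the third step above, as an added example (not from the original article or the DCWG): it pulls the configured DNS servers out of pasted `ipconfig /all` (Windows) or `scutil --dns` (Mac OS X) output and flags any that fall inside a list of rogue ranges. The ranges and the sample outputs are constructed placeholders; substitute the DNS Changer ranges published by the DCWG.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real rogue
# ranges: replace them with the DNS Changer ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
WIN_DNS = re.compile(r"^\s*DNS Servers[ .]*:\s*" + IPV4)   # ipconfig /all
WIN_CONT = re.compile(r"^\s+" + IPV4 + r"\s*$")            # extra servers: indented, no label
NAMESERVER = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*" + IPV4)  # scutil / resolv.conf

def extract_resolvers(text):
    """Return the IPv4 DNS servers listed in the pasted command output."""
    found, in_win_block = [], False
    for line in text.splitlines():
        win = WIN_DNS.match(line)
        cont = WIN_CONT.match(line) if in_win_block and not win else None
        m = win or cont or NAMESERVER.match(line)
        in_win_block = bool(win or cont)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if addr not in found:       # scutil repeats resolvers per scope
            found.append(addr)
    return found

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any listed rogue range."""
    return [str(a) for a in extract_resolvers(text) if any(a in net for net in ranges)]

# Constructed sample outputs (not captured from a real machine).
SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.200
"""
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 198.51.100.10
  nameserver[1] : 192.168.1.1
"""

if __name__ == "__main__":
    for name, out in (("ipconfig /all", SAMPLE_IPCONFIG), ("scutil --dns", SAMPLE_SCUTIL)):
        print(name, "->", rogue_resolvers(out) or "no listed rogue servers")
```

An empty result only means none of the listed ranges are configured on the computer; the router's own DNS settings still need the separate check described in the next step.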
After your computer is clean, you can go back to enjoying all the Internets you know and love. Again, the DNS Changer malware only affects a fraction of the Internet population but if it affects you, fix it. Now. [DCWG, Naked Security, PCMag]