There is no big holiday on July 9, but if your computer is infected with the DNSChanger malware, your clock is ticking fast before your internet closes out on you.
This has been reported as early as May 22 in CNET while local ISP’s PLDT and Smart issued their press release on June 27, alerting subscribers of the threat. Unfortunately, that doesn’t sound like a very sound way to inform millions of subscribers. A text message or phone call would probably be more suitable considering the impact it can make. Anyway, i’ll reserve my rant for a next post.
So what Exactly is a DNSChanger?
DNSChanger website outlines what this malware is and how it works:
DNSChanger is malicious software (malware) that changes a user’s Domain Name System (DNS) settings, in order to divert traffic to unsolicited and potentially illegal sites.
In November 2011, the FBI closed down a ring of cyber-criminals believed to be responsible for the worldwide spread of DNSChanger.
An estimated four million users were affected worldwide. To avoid these victims losing their internet service, the FBI worked with the Internet Systems Consortium (ISC) to set up and operate a temporary DNS solution, while giving ISPs the opportunity to assist their customers to remove their potential infection.
This temporary solution is expected to be switched off as early as 9 July 2012. It is likely that users infected by DNSChanger will be unable to connect to the internet when the temporary DNS solution is switched off.
But don’t fret, there are ways for you to know how to get this malware off of your computer and secure yourself from internet doom.
According to a CNET article, Google has a clever Domain Name System hack that can warn you if your computer is infected. Full story can be found here.
Testing for DNSChanger
To know if your system is infected with the malware, here’s a few things you need to do:
1. Click Start
2. Open the Command Window
3. (For Windows 7) Type cmd at the search bar
4. (For Windows XP) Click Run, then type cmd at the bar
5. Type ipconfig /all
6. Search for the DNS Servers section
Mac OS X
1. Click the Apple icon an the top left of the screen
2. Select System Preferences
3. Locate the “Network” icon
4. Read the “DNS Server” line
DNS settings that point to these addresses means your computer is infected.
• 220.127.116.11 through 18.104.22.168
• 22.214.171.124 through 126.96.36.199
• 188.8.131.52 through 184.108.40.206
• 220.127.116.11 through 18.104.22.168
• 22.214.171.124 through 126.96.36.199
• 188.8.131.52 through 184.108.40.206
For a quick check you can go to http://dnschanger.detect.my
I just got mine tested and I’m happy to share with you that mine is clean.