Skip to content

Are You Going to be Losing Internet this Monday?

July 6, 2012

Overall, approximately 300,000 users are going to be scratching their heads on Monday over why they can’t get to browse to the internet. But why you ask? Thank the authors of the DNSChanger trojan horse malware (and its variants).

Last November, the FBI took over control of the servers for the DNSChanger botnet. This botnet allowed cybercriminals to force unsuspecting users to malicious websites designed to steal personal information and generate illegitimate ad based revenue (popups mostly that had to be clicked through). The DNSChanger botnet is thought to have scammed upwards of $14 million and resulted in the arrest of six Estonian scammers in November 2011. It was first discovered in 2007, so it has been operating for quite awhile.

So why does the FBI control the servers? The botnet reroutes DNS requests to its own servers and then pushes scareware and advertising to infected machines. Shutting down the botnet would have disrupted the connections of the infected computers, which at one time is believed to have herded up to 4 million computers. Shutting it down on Monday, July 9th will leave computers unable to access websites and email properly without a fix being applied.

Originally, both the FBI and the German Federal Office for Information Security had been due to shut down DNSChanger in March, but left it up for an extra three months to allow more time for users to disinfect their systems.

Checking for infection is simple enough. Links on the FBI and DCWG site will allow users to check for the malware automatically, and fixes are available for Windows systems down to and including XP. Security software vendors have had patches out almost since DNSChanger was detected, and have free tools available. Operating system patches from Microsoft don’t patch other applications such as Adobe Reader and others. SecuniaPSI or File Hippo’s Update Checker scan for these additional patches, download them, and install them for you. The DCWG recommends using these multiple times to make sure any infection is stymied. Other tools that are freely available and recommended include Malwarebytes, ComboFix and Spybot Search and Destroy. My personal preference has been Malwarebytes for most work, and ComboFix for some of the more hard to remove variants. Note that with some tools, you may need a few additional fixes (mostly registry fixes) to correct internal system settings after removal (yes, these trojans are that nasty).

More info can be found here:


and here:

Software Links for patching:






From → Uncategorized

Comments are closed.

%d bloggers like this: