Google will warn users infected with DNSChanger

Hundreds of thousands of computers risk losing their Internet connection soon because of the aftermath of an already dismantled online threat known as DNSChanger. Google will try to prevent the mass cut-off by warning the owners of the infected systems before it is too late.

DNSChanger is malware that tampers with the standard DNS settings of a PC's Internet connection to redirect traffic to malicious sites. Before it was put to rest by an international effort in November 2011, the malicious code is estimated to have infected more than 4 million computers worldwide.

The non-profit organization “Internet Systems Consortium” succeeded in seizing the malicious DNS servers used by the malware, replacing their functionality with a “safe” counterpart controlled by the FBI. It is estimated that 500,000 computers still have a working Internet connection thanks to those replacement servers.

The connection cut-off for these computers will happen on July 9, when the FBI plans to shut down the temporary servers. The campaign orchestrated by Google will try to reach the PCs still affected by DNSChanger and warn their owners, giving advice on how to remove the malware and restore a clean Internet connection.

Google said that it will try to contact the infected PCs by displaying messages to users visiting its many web sites and online services. The messages will be in the users’ native language, which should help the campaign succeed, considering that only half of the owners of the aforementioned 500,000 compromised PCs speak English natively.

Source: Ars Technica.


8 Comments


It's the FBI's interest to shut down the servers and seize their info....

DNS can be easily changed, and there's a ton of DNS providers out there, Google being one.. But as said - it's the address that DIRECTED you to Google, as the same address would be hijacking DNS requests. This is your DNS server.
You type in Google.com, it finds out what google.com means, resolves an IP from that, then tells your browser to go to <ip>:80 instead and tada!
As the rogue DNS server is known, they can easily say "hey, you were directed here from a known rogue server. Let's fix that"

Edited by srbeen, May 28 2012, 10:28pm :

Lol, why the heck is the FBI spending money to help people stay online. It's their problems not the US's taxpayers dollars. This is why the US is broke. FAIL.

jmc15john said,
Lol, why the heck is the FBI spending money to help people stay online. It's their problems not the US's taxpayers dollars. This is why the US is broke. FAIL.

Agreed that the FBI doesn't need to be involved in this at tax payers expense, for sure, but why the heck is Google the one that thinks they need to do this? One of the last people in the world I want checking my system for ANYTHING!!

jmc15john said,
Lol, why the heck is the FBI spending money to help people stay online. It's their problems not the US's taxpayers dollars. This is why the US is broke. FAIL.

cork1958 said,
Agreed that the FBI doesn't need to be involved in this at tax payers expense, for sure, but why the heck is Google the one that thinks they need to do this? One of the last people in the world I want checking my system for ANYTHING!!

You dear sirs are clearly ignorant.
1. Using malware to redirect people to an infected site is highly illegal, and I am pretty sure it would come under the classification of being a federal case.
2. Some people who have been infected would be US citizens. People's DNS configurations have been set to direct DNS requests to the malicious IP address. So in order to protect US citizens from this attack, they would have to take charge of the IP address and give it to a safe network (which the FBI now has control over).
Of course, the Internet is not picky about which country a request is coming from. All it cares about is the fact that IP address 0.0.0.1 has requested the IP address of website.com from the DNS address 0.0.0.2.
3. The only thing Google will be doing is checking where your computer is getting DNS requests from. If the IP address of the DNS server matches the infected address, then their websites will show you a warning. Absolutely no useful data will come from this, other than knowing how many machines were infected, but by the looks of things they already know anyway.

If you got a cloudflare powered site you can install it as an app to check and warn people... it will only display if you're affected. PLEASE INSTALL THIS APP IF YOU RUN A CLOUDFLARE POWERED SITE!!!

For us it's kind of funny, just a simple DNS setting. Although they probably have other malware on their machine they should tend to.