An estimated 500,000 computers worldwide are infected with malware (spyware) called “DNSChanger.” DNSChanger modifies the DNS settings on computers and routers, causing them to use malicious servers that redirect you to fake and potentially dangerous web sites.
Last November, the FBI arrested the people who ran the operation, seized the malicious servers, and temporarily put up surrogate servers in place of the malicious ones so that infected computers could continue to access the Internet. On July 9, 2012, the government will remove those temporary servers, at which time any computers that are still infected will lose Internet access.
Are you infected?
We strongly recommend checking your home computers to make sure that they’re not infected with the DNSChanger malware. Fortunately it’s easy to check if a computer is infected simply by visiting one of these web sites:
http://security.ucla.edu/dnschanger/
http://dns-ok.us/
Google is attempting to notify people as well if their computers are infected. If you visit Google and see the notice shown in the following link, then your computer is infected:
http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dnschanger.html
If your computer is infected with DNSChanger, see the following site for removal instructions and links to several removal tools:
http://www.dcwg.org/fix/
For more information
For more information about DNSChanger and the FBI’s “Operation Ghost Click,” see:
http://www.fbi.gov/news/stories/2011/november/malware_110911
http://www.dcwg.org/