The DNSChanger malware is expected to cause over 350,000 computers to lose their access to the internet on 9 July, according to ZDNET. The Federal Bureau of Investigation (FBI) has warned internet users across the world that computers infected with the Alureon/DNSChanger bot virus will lose their internet connections on 9 July, according to NDTV Gadgets. "The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time," explains the FBI.

It is reported that back in 2007, a cyber ring used the DNSChanger malware to infect about four million PCs in more than 100 countries. The thieves were able to alter internet advertising to generate at least $14 million in illicit fees, according to the FBI. The malware was so effective that it prevented users' anti-virus software and operating systems from being updated, which exposed the PCs to more malicious software.

The DNSChanger malware is expected to cause over 350,000 computers to lose access to the internet on 9 July. Image credit: DCWG

How does the DNSChanger affect your computers?

The Domain Name System (DNS) is the naming system that PCs and other resources use to connect to the internet. DNS converts domain names into Internet Protocol (IP) addresses. For instance, when a user enters a domain name in the web browser's address bar, the PC contacts its DNS server to find the IP address of the required website. DNS and DNS servers are major elements of accessing the internet. According to the FBI, a criminal who controls a user's DNS server can possibly control which websites that user connects to on the internet. The DNSChanger malware directs the user's requests to a rogue DNS server, that is, a bad DNS server operated by a criminal. It does so by substituting bad DNS servers for the good DNS server of the user's ISP.

How to detect if your computer is infected with DNSChanger malware?

[1] The DCWG provides ways to find out whether your computer is affected by DNSChanger malware. Visiting http://www.dns-ok.us will show the state of your computer. If the page shows a green background, the computer is clean. If it displays a red background instead, the computer is infected with DNSChanger malware.

[2] Manual steps to determine if your DNS server has been changed:

For Windows XP: Users can head to Start button > Locate Run option > Type cmd (opens a DOS shell) > Type ipconfig /all > Hit Enter

After entering the command, you will see your computer's network settings. Look for the line starting with "DNS Servers", which contains IP addresses. The DCWG has listed the malicious Rove DNS settings. Compare your DNS settings with the malicious Rove DNS settings to detect if your DNS server has been modified.

For Windows 7: Users can head to Start button > Open Windows Menu > Click Search > Type cmd (opens DOS shell) > Type ipconfig /allcompartments /all > Hit Enter

Look for the IPv4 information under "Ethernet adapter" and find the line starting with "DNS Servers". Compare your computer's DNS settings with the listed malicious Rove DNS settings to detect if your DNS server has been modified.

For Macs: Mac users can click the Apple icon at the top left > Select System Preferences (opens dialog box) > Locate Network icon (opens Network settings dialog box) > Read DNS Server line

Compare your DNS settings with the malicious Rove DNS settings to detect if your DNS server is modified.
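The Windows comparison described above can be automated. The following is an added example, not code from the DCWG or the FBI: it parses saved `ipconfig /all` output, collects every address under "DNS Servers" (including the indented continuation lines), and checks each against a list of ranges. The function names are hypothetical and the ranges are placeholder documentation networks, since the DCWG's list is not reproduced on this page.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue list.
# Substitute the ranges published by the DCWG before using this on a real host.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output (addresses are not real).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.8
                                       fe80::1%11
"""

def dns_servers(ipconfig_text):
    """Return (adapter, address) pairs from every "DNS Servers" entry,
    including the indented continuation lines that list extra servers."""
    found, adapter, in_dns = [], None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():        # unindented line: section heading
            adapter, in_dns = line.rstrip().rstrip(":"), False
            continue
        label, sep, value = line.partition(" : ")
        if sep:                                   # "Label . . . : value" line
            in_dns = label.strip(" .").lower() == "dns servers"
        elif in_dns and line.strip():             # continuation of the DNS list
            value = line
        else:                                     # blank line ends the list
            in_dns = False
        if in_dns:
            try:                                  # drop an IPv6 zone id such as %11
                found.append((adapter, ipaddress.ip_address(value.strip().split("%")[0])))
            except ValueError:
                pass                              # not an address; ignore
    return found

def rogue_dns(ipconfig_text, ranges=ROGUE_RANGES):
    """Return (adapter, address) for each configured resolver inside a listed range."""
    return [(a, str(ip)) for a, ip in dns_servers(ipconfig_text)
            if any(ip in net for net in ranges)]
```

Save the command output with `ipconfig /all > dns.txt` and pass the file's text to `rogue_dns`; an empty result means none of the configured DNS servers fall in the supplied ranges.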