What to do about DNSChanger

It’s a long, long story. It starts with the arrest in November 2011 of six Estonian cybercriminals who managed to infect millions of computers with malicious software known as DNSChanger.

This malware would compromise search results, direct infected PCs to rogue websites, compromise antivirus software and insert rogue advertisements into legitimate pages. These guys made a load of money before they were nabbed.

However, even after the arrests, plenty of computers remained infected. The FBI set up temporary servers for infected PCs, but those will be coming down on July 9, 2012. In other words, if your computer or router is infected, you won’t be able to connect to the Internet, starting Monday.

(“Five Years” by David Bowie just popped into my head, but in this case, you’ve got about three days.)

The first thing you need to do is check to see if your machine is infected. The DNSChanger Working Group provides a list of sites that check your computer here. If it says you’re good to go, no additional action is required.

However, if you get a red light, you’ll have to fix your computer. The DCWG provides instructions here, along with links to tools that specifically remove the malware, but you may need to take your PC to a professional computer repair shop.

I’ve heard that about 70,000 computers are still infected (this one’s clean!), so it’s not as if the entire Internet is going to die on Monday (as some of the jumpier news sources have implied), but you still don’t want to find yourself unable to connect and cut off from solutions to the infection.