Does the name DNSChanger sound familiar? Well, I’m quite sure it wasn’t to many until recently, when the word went out on the web, thanks to the kinda-hyped initiative from ISPs and the FBI. Most infected users were unaware of the threat of getting disconnected from the internet. So before we get down to solving the problem, let’s get a formal introduction to the threat it poses.
What is DNS?
As per Wikipedia,
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
In plain English, DNS is an interpreter that translates human-readable domain names into the IP addresses computers use to reach a server. So if it is absent, you are practically disconnected from the web unless you know the IPs for your daily Facebook and Twitter addiction. Think of a lone blind man in a blind alley. Without DNS, an internet user is just that blind person.
So what’s DNSChanger?
Known by many names (TDSS, Alureon, TidServ and TDL4 viruses), DNSChanger is malware that changes your DNS settings for malicious purposes. So typing a URL, instead of taking you to the original website, will show you an altered version that serves the perpetrators' purpose of promoting fake and dangerous products. On November 8 last year, the FBI and Estonian police arrested individuals operating under the name “Rove Digital”. This unearthed “Operation Ghost Click” that, so far, has victimized around 570,000 computers (while experts place the number somewhere around 250,000).
Why is this sudden urgency?
While the incident is quite old, the good guys managed to hinder the actions of DNSChanger by running an alternate server for the Rove Digital botnet, so that infected users could continue to enjoy proper DNS redirection until they found a cure for the disease. Under court order, these (two) servers will be down from today, and infected users won’t be able to browse the internet the way it actually works.
Cure for the Itch
The DNS Changer Working Group (DCWG) has a nice set of links which you can use to check if your computer is infected with DNSChanger and, if so, how to remove the DNSChanger malware. I’m not delving into more, as the steps/tools illustrated there are not so theatrical and any average Joe can get them done.
If you are late to fix it and you can’t just visit websites for a query, here’s an IP to the URL (22.214.171.124/search?q=dns+changer+working+group) where you can find answers to fix the DNS Changer malware.
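One way to check a machine by hand follows from how the malware works: compare the DNS resolvers the machine is configured to use against the published ranges of the rogue servers. The Python sketch below is an added example, not code from the DCWG or from this article; it assumes a resolv.conf-style configuration (Linux/macOS), the ranges in it are documentation placeholders rather than the real rogue ranges (take those from the DCWG), and the sample configuration is constructed.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# DNS ranges; substitute the ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf, including malformed and edge-case lines.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 192.0.2.53   # inline comment
nameserver 203.0.113.10
nameserver 198.51.100.200
nameserver not-an-ip
nameserver fe80::1%eth0
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for line in text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        raw = fields[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
        try:
            valid.append(ipaddress.ip_address(raw))
        except ValueError:
            malformed.append(fields[1])   # report unparseable entries, never skip silently
    return valid, malformed

def check_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Return ([(resolver, matching_range_or_None), ...], malformed_entries)."""
    valid, malformed = parse_nameservers(text)
    findings = []
    for addr in valid:
        hit = next((net for net in rogue_ranges
                    if addr.version == net.version and addr in net), None)
        findings.append((str(addr), str(hit) if hit else None))
    return findings, malformed

if __name__ == "__main__":
    findings, malformed = check_resolvers(SAMPLE_RESOLV_CONF)
    for resolver, rogue_net in findings:
        status = f"ROGUE (in {rogue_net})" if rogue_net else "ok"
        print(f"{resolver:<18} {status}")
    for entry in malformed:
        print(f"{entry:<18} malformed nameserver entry, review manually")
```

To check a real machine, pass the contents of its own resolver configuration to `check_resolvers` in place of the sample text.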
What if I’m not so unlucky?
I’ve read a dozen pieces by now, and a hundred more updates on the social networks. That inspired me to come up with such a scary title for the article and, as it may suggest, ANY user might lose their much-beloved internet connectivity. That’s a false underlying notion. Well, if you aren’t affected, YOU AREN’T GOING TO SUFFER. Keep enjoying the epic fail videos until the Internet really falls apart.
That’s one of the ugly sides of technology. The average user is hardly aware of the complex mechanisms that work in the background to make their computing tasks a breeze. So if anything goes wrong backstage, they only worry when something in the performance behaves weirdly. And if it doesn’t, well, they hardly even feel that it actually happened. That’s the case with this security threat, which so far didn’t seem to be any trouble, although it had serious implications, like disabling antivirus features so it could do what it was intended for.
The internet community has always been judgmental, and several conspiracy theories are already out. As they point out, like the Y2K crisis before it, this DNSChanger issue won’t actually mean doomsday for internet users. Frankly, a few thousand infected users can hardly make a dent in a crowd of billions. However, if you are one of them, you have big reasons to worry, and it will be wise to get it fixed; now is a great time to do that.