According to rumors and news from different sources, July 9th 2012 is expected to be the deadline for the DNS Changer Malware, a day being called the ‘Internet Doomsday’. DNS stands for Domain Name System, which converts user-friendly domain names into the numerical IP addresses that computers use to talk to other computers. The rumor says that about 2,50,000 users across the world are at potential risk of losing their internet connection on July 9th due to malware from a hacking scam that the US shut down in November 2011.
Experts say the viruses were designed to redirect Internet traffic through rogue DNS servers controlled by criminals, according to the FBI. DNS servers are computer switchboards that direct Web traffic. Moreover, few internet users would be at risk, as the ISPs would be on duty to quickly restore their service.
Impact of the DNS Changer Malware
The FBI has published guidance on DNS Changer Malware.
1. Server Blockage for the Antivirus and Firewall
The malware infects your computer in such a way that your firewall, antivirus, or other defensive tools are unable to connect to their servers to receive the latest updates that would counter it. When an antivirus tries to connect to its server for updates, the virus blocks the connection and you get an error such as ‘Cannot connect to the server’.
2. Device Access Attempts
It attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (e.g. a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware (as stated by the FBI).
3. Click Hijacking
Clickjacking or Click Hijacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
It is a browser security issue that affects a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as when clicking on a button that appears to perform another function. The DNS Changer Malware redirects you to a different website instead of the one you clicked on!
How to Know If You’re Infected by the DNS Changer Malware?
This raises the worrying question of whether or not you’re infected by the malware: if you are, what to do to disinfect your system, and if you’re not, what to do to stay protected from it. The DCWG (DNS Changer Working Group) has made an online system check tool that performs a very quick test and determines whether your system has been infected.
When you open the page, it does an instant DNS check. If you see green, breathe a sigh of relief, as you have not been infected by the virus; if you see red, it’s a matter to worry about, as your computer has been infected.
If you’ve been infected, that’s really bad news: it can take 3-4 days to fix the problem, because the malware sits in a deep section of the hard drive called the “Boot Sector” and is extremely hard to get rid of. If you are infected with the virus, you’ve got a longer, but not impossible, process ahead of you.
How to Fix & Protect Your System from the DNS Changer Malware?
First of all, the good news is that the DCWG has a page describing trusted tools and a detailed step-by-step guide to fix your computer. Below is a small table of rogue DNS servers, i.e. if your computer is configured to use one or more of these servers, it may be infected with the DNS Changer Malware.
The DNS Changer Working Group (DCWG) said that those infected with the virus should first back up any important files. This can be done fairly easily with an external hard drive or even a pen drive. Scanning the computer regularly for viruses is a good idea, as is making sure that virus definitions are up to date. Windows and Apple users should check whether they are using a rogue DNS server; if you find one, follow the fix given by the DCWG!
1. Open the Run dialog by pressing Win+R and type cmd.exe to open the command prompt. Alternatively, select Run from the Start menu and proceed the same way.
2. At the command prompt, type ipconfig /all . In the output, look for the entries that read DNS Servers. The numbers on that line and on the lines below it are the IP addresses of your DNS servers.
3. Make a note of the IP addresses of the DNS servers and compare them to the table above. These numbers are in the form xxx.xxx.xxx.xxx, where x is in the range from 0 to 250. If the IP address of your DNS server appears in the table above, then the computer is using a rogue DNS.
1. Click on the Apple icon in the top left corner and choose System Preferences. Then, from System Preferences, choose Network.
2. The Network pane shows a number of possible connections on the left side. Choose your active connection and click the Advanced button in the lower right corner. Then choose DNS from the options to show the DNS servers you’re using. Compare them with the table above.
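The Windows check from the steps above, automated, as an added example that is not part of the original article or of the DCWG's tools: it pulls the DNS server addresses out of `ipconfig /all` output, including the unlabelled continuation lines, and compares them with a list of ranges. The ranges and the sample output are constructed placeholders, and the function names are illustrative.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# ranges: replace them with the ranges from the DCWG/FBI table before use.
ROGUE_RANGES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Ethernet Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers_from_ipconfig(text):
    """Collect the address on each 'DNS Servers' line and on the unlabelled
    continuation lines below it (assumes English-language Windows output)."""
    servers, in_dns = [], False
    for line in text.splitlines():
        labelled = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if labelled:
            servers.append(labelled.group(1))
            in_dns = True
        elif in_dns and len(line.split()) == 1 and " : " not in line:
            servers.append(line.strip())      # extra server, no label
        else:
            in_dns = False                    # blank line or next field
    return servers

def rogue_servers(servers, ranges=ROGUE_RANGES):
    """Return the servers whose address falls inside any listed range."""
    hits = []
    for server in servers:
        try:
            ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone
        except ValueError:
            continue                          # not an IP address; skip
        if any(ip in net for net in ranges):
            hits.append(server)
    return hits

if __name__ == "__main__":
    found = dns_servers_from_ipconfig(SAMPLE_IPCONFIG)
    print("DNS servers:", found)
    print("In a listed range:", rogue_servers(found))
```

Addresses read off the Network pane on a Mac can be passed to `rogue_servers` directly as a list of strings.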
That’s all about the DNS Changer Malware: its effects, the fix and protection. If you are infected, you may lose your internet connection today, and I recommend that you contact your ISP as soon as possible if you’re a victim. They will be able to give you instructions on what to do next. Till then, happy browsing, and be sure to update your security essentials before you get hit by the virus.
News and Sources via FBI, HT, Reuters and Yahoo! News