DNS Changer is malicious software (malware; in simple terms, a virus) that changes a computer's Domain Name System (DNS) settings, directing internet users to fraudulent websites, and it may install additional malware on their computers.
In November 2011, the Federal Bureau of Investigation (FBI) identified the worldwide spread of the DNSChanger malware; around four million users were affected worldwide. To protect these users from losing their internet service, the FBI set up and operates a temporary solution. This temporary solution is expected to be switched off by 9 July 2012, after which users who are affected by DNS Changer will be unable to connect to the internet. It is therefore essential to check whether you are affected by the malware and, if you are, to fix the problem before 9 July.
So we will learn what DNS is, how to check whether you are affected by this malware, and how to fix the problem.
What is DNS?
Fortunately, we have a contacts list (phone book) in our phones, and with its help we can easily call others. Think about what would happen if you didn't have a phone book in your phone. You would either have to remember the phone numbers of all your friends, relatives and other people, or keep a notebook with all the numbers written down and carry it with you to refer to whenever you needed.
In the previous post we looked at how computers use IP addresses to communicate with each other (read that post to learn about IP addresses). Each domain has an IP address. For example, if you type the IP address 126.96.36.199 in your address bar, you can directly access www.example.com. But you would have to remember this IP address to enter the site every time. Each day you access hundreds of new websites, so remembering all the IP addresses needed to reach those domains is not possible. Some domains, like Google, have multiple IP addresses, and a domain's IP addresses may also change over time. Fortunately, to help us access all these domain names, we have DNS (Domain Name System). It works like a phone book. When you enter a domain name (such as 'www.google.com') into your web browser, the computer contacts the DNS servers to find the IP address that corresponds to that domain name (for example, 188.8.131.52). Your computer then uses that IP address to connect to that particular website. The DNS server you access is usually operated by your Internet Service Provider (ISP) and is part of the network that connects your computer to the internet. Without the DNS servers, you would not be able to access websites, send e-mail, or use many other internet-based services.
What will DNS Changer do?
What would happen if somebody saved your father's number under your girlfriend's name in your phone book? When you call your girlfriend, your father will answer :). (Just for fun)
DNS Changer will alter your computer's DNS settings, and it will also try to replace the default settings of your router. So when you try to connect to a website, the DNS server will direct you to some other site. Mostly, criminals will try to direct you to fraudulent websites, and those sites may install other malware on your computer or try to steal your private information, such as bank account details (usernames, passwords, etc.).
Am I affected by DNS Changer?
So, how do you check whether you are affected by this malware? The DNS Changer Working Group helps us to check. You can check automatically by visiting the URLs they provide, or you can check manually.
How to check automatically
Note: These tools (websites) do not need to load any software on your computer to perform the check. There is no need to run a scan, and these websites (tools) won't change anything on your computer.
Those websites will tell you whether you are affected or not. If you are not affected, you do not need to fix anything, but keep in mind that you have to protect yourself from future attacks (I will write a post about that soon).
How to check manually
If you don't want to check automatically for any reason, you can check manually by following these instructions.
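The following Python code is an added example, not from the original post or from the DNS Changer Working Group. It assumes that a manual check means reading the DNS servers configured on the machine (from /etc/resolv.conf or from ipconfig /all output) and comparing them with the published rogue resolver ranges; the ranges in ROGUE_RANGES are placeholders from documentation networks, and the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNSChanger resolver ranges. Replace with the officially published list.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def dns_servers(text):
    """Return the DNS server IPv4 addresses found in resolv.conf or `ipconfig /all` text."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith(("#", ";")):           # resolv.conf comment
            continue
        if re.match(r"nameserver\s", s):       # Linux / macOS resolv.conf entry
            servers += IPV4.findall(s)
        elif s.startswith("DNS Servers"):      # Windows: first server follows the label
            in_dns_block = True
            servers += IPV4.findall(s)
        elif in_dns_block and ". :" not in s:  # Windows: extra servers on unlabelled lines
            servers += IPV4.findall(s)
        else:                                  # any other labelled field ends the list
            in_dns_block = False
    return servers

def check(text):
    """Return [(server, is_rogue)] for every syntactically valid DNS server in text."""
    results = []
    for s in dns_servers(text):
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:                     # e.g. 999.1.1.1 is not an address
            continue
        results.append((s, any(addr in net for net in ROGUE_RANGES)))
    return results

# Constructed sample inputs (not captured from a real machine).
RESOLV_CONF = "# constructed sample\nnameserver 192.0.2.53\nnameserver 10.0.0.1\n"
IPCONFIG = (
    "   DHCP Server . . . . . . . . . . . : 198.51.100.1\n"
    "   DNS Servers . . . . . . . . . . . : 198.51.100.7\n"
    "                                       198.51.100.200\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, sample in (("resolv.conf", RESOLV_CONF), ("ipconfig /all", IPCONFIG)):
        for server, rogue in check(sample):
            print(f"{name}: {server} -> {'ROGUE resolver' if rogue else 'ok'}")
```

Because DNS Changer also tries to change router settings, a computer that only lists the router's own address as its DNS server can look clean here; the DNS servers configured on the router need the same comparison.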
If your computer is affected and you have checked automatically, then these websites (http://www.dns-ok.us/ or http://www.dns-ok.lu/) will give you some guidelines to fix it.