DNS Changer Malware and DCWG

Posted on Jul 5, 2012 in News, Security

A couple of months ago I started seeing articles and Facebook posts about this DNS Changer Malware that will “shut off your internet”.  These articles and posts all point you to the same place, a supposedly government-backed website, http://www.dcwg.org/.  Everything about this screamed “Hoax!” at me: the way it popped up out of nowhere, the way it went viral on Facebook before real news agencies picked it up, and the crazy claims that it was making.  Well, it turns out that this is probably not a hoax and if it is, it’s a very thorough one.

The story began back in November of 2011 when the FBI uncovered a potential long-term threat after a two-year operation to bust a spyware ring.  The details are on their site:  http://www.fbi.gov/news/stories/2011/november/malware_110911

When that happened, no one really took notice.  It wasn’t until the article was updated in March of 2012 that this really started to take off.  In March the information exploded like it only could on the Internet and Technology News Sites started talking about it soon after.  It has since died back down and become almost forgotten, but now we are within a week of the purported date and the Facebook posts have started back up.

So, here is what you really need to know:

Several years ago, Estonian hackers released virus/spyware programming that redirects users' browsers to alternate DNS servers.  This would allow them to control where you go on the internet regardless of what you click on.  The FBI located and arrested those responsible and took over the alternate servers.  Instead of shutting them down completely, which would have caused everyone now pointed at the servers to lose internet connectivity, the FBI left the servers up and running so that an attempt could be made to repair infected systems.  Those servers are due to be shut down on July 9, 2012, and computers that are still infected will no longer be able to browse the internet.

The good news is that the percentage of infected computers is very low and your chances of having been infected are very slim.  The even better news is that the DCWG site (http://www.dcwg.org/) makes it very simple to find out if you are infected and to fix the issue if you have it.  Just click on the link and click on the green radar image on the top left of the page.
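The same question can be asked locally by comparing a machine's configured DNS resolvers against the list of rogue server ranges. The sketch below is an added example, not part of the original post and not the DCWG's own tooling. It assumes resolv.conf-style input, and its ranges are placeholder documentation blocks that must be replaced with the published rogue ranges.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# DNS Changer ranges; substitute the ranges published by the FBI/DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: nothing to compare
    return servers

def rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside a known-rogue range."""
    hits = []
    for server in parse_nameservers(resolv_conf_text):
        # Compare only within the same IP version (IPv4 vs IPv6).
        if any(server.version == net.version and server in net for net in rogue_ranges):
            hits.append(str(server))
    return hits

# Constructed sample inputs, not taken from a real machine.
CLEAN = "# set by DHCP\nnameserver 10.0.0.1\nnameserver fe80::1%eth0\n"
# The second address lies outside the /25 placeholder range, so only the
# first entry is reported.
INFECTED = "nameserver 192.0.2.53   # rewritten by malware\nnameserver 198.51.100.200\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("infected", INFECTED)):
        hits = rogue_resolvers(text)
        print(name, "->", "rogue resolver(s): " + ", ".join(hits) if hits else "ok")
```

A clean result on the computer does not cover a home router whose DNS settings were changed, so the router's configured DNS servers need the same comparison.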

I have yet to personally see any infected computers; I would be very interested to know if anyone checks out their computers and finds that they have been compromised.  Leave your comments and questions in the section below.

Dennis Edmondson Jr
Computing Concepts LLC
