DNS Changer Malware Could Lock Unwary Users Out of the Internet on July 9
NEWS ANALYSIS: While the chances of any of your computers having an
active DNS Changer malware infection are remote, you should still check
to make sure your system is clean and confirm that somewhere along the
line your DNS settings didn’t get changed.
DNS Changer Malware Could Lock Unwary Users Out of the Internet on July 9
The DNS Changer malware has been all over the
news during the last couple of days, and with good reason. If you haven’t
checked that your computers are malware-free and fixed an apparent DNS Changer
infection, you won’t be able to use the Internet very easily come Monday, July
9.
Monday is the day that the FBI pulls the plug
on the Domain Name System (DNS) servers that have been kept running as a safety
net for people who were infected by the malware, and as a result were being
directed to bogus DNS servers.
When the servers are taken offline July 9,
the only way you’ll be able to access the Internet if you’re affected is to
type in the actual IP address because your computer won’t be able to resolve
addresses. Fortunately, it’s easy to tell if you’re affected, and the problem
is easy to fix. Here’s what you need to do.
First, visit the Website of the
DNS Changer Working Group where you’ll see a
description of the DNS Changer and what it does. You’ll also see a green button
that is labeled “Detect.” On that page, you’ll see a chart listing sites around
the world that will tell you whether your computer is resolving DNS addresses
properly. The site for the United States is
www.dns-ok.us
and it has a simple interface that presents a green square if your computer is
resolving IP addresses properly.
You should note that when I tried the U.S.
site only two of the four browsers on the test computer would actually load it.
Firefox and Internet Explorer worked fine, Google Chrome and Apple Safari did
not. Neither would load the address at all. Note that this test was done on a
machine running a 64-bit version of Windows 7. Other computers have delivered
results with various browsers.
If for some reason you’re not able to get the
site to load, try the European site at
http://dns-changer.eu,
which I found works more reliably. Note that the European site will record the
operating system and browser that you’re using.
If you get the all-clear, you’re probably
done. While it’s possible that your ISP is redirecting the bogus DNS requests
for you, you’ll still get to the Internet. If you want to be totally certain,
either check your computer’s DNS settings manually or have your IT department
check them. Note that in addition to the sites listed by the DCWG, other sites
including Google and Facebook will alert you if you appear to be having DNS
problems related to malware.
DNS Changer Malware Could Lock Unwary
Users Out of the Internet on July 9 - Clusters of Infected Machines
Indicate a Systemic Problem
But suppose you didn’t get the green light
saying that your computer is OK. If that happens, the DCWG offers
a list of places where you can access
malware removers that will clean the malware out of your system. Most security
vendors, including Symantec, McAfee, Kaspersky and Microsoft, have free
software that will clean your system.
Note that the same page also provides a list
of resources for making sure your computer is really free of malware and stays
that way. Resources for PC and Macintosh computers are included in these
lists.
Once you’ve finished the initial tests and
fixed the malware infection or its after-effects, it’s time to review your
security posture. While an infected computer or two inside a large organization
may not indicate a systemic problem, seeing more than a few will. Likewise,
seeing malware infections in clusters within an office will indicate a problem.
It may be that a specific remote office isn’t being as careful as it should,
for example, or it may mean that the anti-malware application in that location
is compromised.
If you find that your security systems are
compromised, then the answer is clear, call the person in your company who is
in charge of data security and ask for help.
Now, suppose it’s Monday morning and you just
found out that one or more of your computers suddenly can’t find the Internet
when everyone else can. If you haven’t already downloaded one or more of the
free malware removal tools provided by DCWG, you should do so now, even if you
have to use a computer outside the office. Save the malware removal tool on a
flash drive, take it to the affected computers and before doing anything else,
check the DNS settings.
You may be able to clear up the problem just
by fixing the DNS settings. If those settings don’t stay fixed, then run the
malware-removal tool doing the full-system scan. This will take a while. When
it’s finished, the malware will be gone, and you’ll have a list of what was
done.
None of this is rocket science, but some of
it is tedious. Don’t try to take shortcuts. Instead, do the full removal job.
But while you’re waiting, you can start thinking about what you need to
accomplish to make your systems as secure as they should be from now on.