In recent weeks, cyber-security news has focused heavily on DNS Changer, malware first deployed in 2007 by six Estonian hackers. With the FBI's investigation and cleanup efforts coming to a close, news outlets are running captivating "doomsday" headlines about it.
To understand the impact of DNS Changer, it helps to have basic knowledge of DNS. Simply put, DNS is the service that translates human-readable domain names (e.g. google.com or eidebailly.com) into the IP addresses computers actually connect to. Whoever controls the DNS server a computer asks therefore controls where that computer ends up. The hackers' goal was profit (estimated at around $14 million): the malware silently changed the DNS settings on victim computers to point at resolvers the hackers ran. With those resolvers answering the victims' lookups, the hackers could redirect users to web pages and advertisements of their choosing, and that fraudulent ad traffic generated their revenue.
Consequently, the FBI became involved in the investigation and mitigation effort, both to stop the malware and to find those responsible for it. After the Estonian hackers were arrested in November 2011, the rogue DNS servers were replaced, under a court order, with clean DNS servers operated by the Internet Systems Consortium at the same addresses. These clean servers have been running since late 2011, which gave antivirus companies and Internet Service Providers time to implement remediation strategies. As a result, victims of the DNS Changer malware kept resolving names through the clean servers and their regular internet service went uninterrupted. On July 9, 2012, the court order expires and the FBI will shut down the handful of clean servers that have been standing in as a temporary fix.
The reality is that the temporary replacement servers are being taken down, and any computer still pointed at them will be left without working name resolution, which in practice means no normal internet connectivity; however, the impact will be fairly minimal. Estimates of still-infected systems range around 250,000 to 300,000 worldwide, and approximately 45,000 to 50,000 in the U.S. – certainly an issue, but hardly a doomsday headline.
Fortunately, there is an easy way to determine whether you will be affected by the DNS server shutdown. Simply visit the check site run by the DNS Changer Working Group (DCWG) and publicized by the FBI: http://www.dns-ok.us/. If you are presented with a green background, your computer is using a legitimate resolver and should stay online and function as normal after the shutdown. If you see a red background, your request arrived through one of the rogue address ranges and you will be affected. One caveat: the check looks at the resolver your request came through, not at your computer's settings directly, so a home router whose DNS settings were changed by the malware will show red even if the computer itself is clean, and the router needs fixing too. For those still infected, the DNS Changer Working Group has put together an informative webpage on remediating the issue: http://www.dcwg.org/fix/
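The web check above only works while the replacement servers are still answering. The same check can be done offline by comparing a machine's configured resolvers against the rogue address ranges that the FBI and DCWG published for DNS Changer (85.255.112.0-85.255.127.255, 67.210.0.0-67.210.15.255, 93.188.160.0-93.188.167.255, 77.67.83.0-77.67.83.255, 213.109.64.0-213.109.79.255 and 64.28.176.0-64.28.191.255). The script below is an added example written for this post, not a tool from the FBI or the DCWG; it reads resolver addresses out of /etc/resolv.conf-style text or the output of `ipconfig /all` on Windows, and the two sample inputs embedded in it are constructed, not captured from a real host.

```python
import ipaddress
import re

# Rogue resolver ranges used by DNS Changer, as published by the FBI / DCWG
# (first and last address of each block).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Collapse each first/last pair into CIDR networks so membership is a cheap test.
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
]


def is_rogue_resolver(ip):
    """True if a single address falls inside one of the DNS Changer ranges."""
    addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop an IPv6 zone index
    return any(addr in net for net in ROGUE_NETWORKS)


def parse_resolv_conf(text):
    """Return the nameserver addresses from /etc/resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


# A bare address token on an `ipconfig /all` continuation line.
_ADDR_TOKEN = re.compile(r"^[0-9A-Fa-f.:]+(?:%\d+)?$")


def parse_ipconfig(text):
    """Return the DNS server addresses listed by `ipconfig /all` (Windows).

    The first address follows the 'DNS Servers' label; any further addresses
    appear on their own, indented continuation lines.
    """
    servers = []
    collecting = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS Servers"):
            collecting = True
            candidate = line.split(":", 1)[1].strip() if ":" in line else ""
        elif collecting and _ADDR_TOKEN.match(line) and ("." in line or ":" in line):
            candidate = line
        else:
            collecting = False
            continue
        if candidate:
            servers.append(candidate)
    return servers


def find_rogue_resolvers(servers):
    """Return the configured resolvers that sit inside a DNS Changer range."""
    rogue = []
    for server in servers:
        try:
            if is_rogue_resolver(server):
                rogue.append(server)
        except ValueError:  # not a parseable IP address; ignore it
            continue
    return rogue


# Constructed sample inputs (not from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed example
search example.com
nameserver 85.255.112.36
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       93.188.160.5
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for label, servers in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                           ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        rogue = find_rogue_resolvers(servers)
        verdict = "AFFECTED (rogue resolver)" if rogue else "clean"
        print(f"{label}: {servers} -> {verdict} {rogue if rogue else ''}")
```

On a Linux or Mac host, feed it the real file (`parse_resolv_conf(open("/etc/resolv.conf").read())`); on Windows, paste the output of `ipconfig /all` into `parse_ipconfig`. Remember to run the same check against the DNS addresses your home router hands out, since the malware changed those as well.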