Find Out if Your Computer is Infected by This Virus Before Monday, July 9, 2012
The FBI believes that 277,000 computers are infected with a malware that could take people off the Internet on Monday, July 9, 2012, called the “DNS Changer Malware.” Here’s a site set up by the FBI for you to see if your computer is infected.
To see if you’re infected and to learn how to strip your computer of the virus, go to dcwg.org.
Back in November, the FBI set up temporary clean servers for those affected by the virus, but they’re cutting that service off on Monday. They estimate that 45,619 computers in the U.S. are still infected.
What is the DNS Changer Malware?
On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.
What does the DNS Changer Malware do?
The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.
Under a court order, expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.
If you are skeptical about following a link talking about a virus, read this press release from the IRS: http://www.fbi.gov/news/stories/2011/november/malware_110911