FAQ : DNSChanger Trojan, Impact and Solutions
The Hacker News


Two days before we (THN) Reported that FBI will shutdown Internet on 8th March, Title seems to be more Attention seeking , Why ? Well ! Our job is to aware you about the Internet Security. If we are looking for some extra attention from our Readers then its part of our small effort to make Internet more secure space for all.

Today we are going to Explain all about DNSChanger Trojan, its Impact on Internet users and the biggest challenge for FBI to resolve it, and How a non technical user can check and Restore its computer, Hope you will share this article with your Friends, Followers and On your Site to aware them about this Serial Internet Killer.
Cybersecurity

What is DNS (Domain Name System) ? is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.thehackernews.com, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer's network configuration. DNS and DNS Servers are a critical component of your computer's operating environment without them, you would not be able to access websites, send e-mail, or use any other Internet services.

What is DNSChanger ? a small file about 1.5 kilobytes , DNSChanger is a trojan that will change the infected system's Domain Name Server (DNS) settings, in order to divert traffic to unsolicited, and potentially illegal sites. This Trojan is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan.

When ? The DNSChanger malware was first discovered around 2007, and since this time has infected millions of computers, around 500,000 of them being in the U.S., and through these computers the criminals have reportedly pulled in around $14 million in stolen funds. The FBI has uncovered a network of rogue DNS servers and has taken steps to disable it.The FBI is also undertaking an effort to identify and notify victims who have been impacted by the DNSChanger malware.

Who are infected and Technical Info ? Both Windows and MacOS users are at risk for this infection because it exploits your browser, not your operating system.Here are some known hostile IP address pairs used by the DNS Changer malware:

64.28.176.1 - 64.28.191.254
67.210.0.1 - 67.210.15.254
77.67.83.1 - 77.67.83.254
85.255.112.1 - 85.255.127.254
93.188.160.1 - 93.188.167.254
213.109.64.1 - 213.109.79.254

Why its not easy Remove this Trojan ? One consequence of disabling the rogue DNS network is that victims who rely on the rogue DNS network for DNS service could lose access to DNS services, So This Process will start on March 8 by FBI.

Why 8th March 2012 ? After the take down of the DNSChange Botnet, in November 2011, the FBI obtained a court order allowing the FBI to set up a temporary DNSChanger Command & Control network. The court order expires on March 8th, 2012. Unless the FBI obtains a new court order allowing them to continue operating the temporary network, the network will be turned off. Resulting in millions of computers, world-wide, no longer being able to access the Internet.

How to check manually that your System is Infected or Not ? The best way to determine if your computer has been affected by DNSChanger is to have them evaluated by a computer professional.
The Hacker News

Avira cooperated also with the German Federal Office for Information Security (BSI) and published the tool also on the special website created to check if the DNS requests are made to the right places: www.DNS-OK.de. Besides the website, users can also OK DNS, the DNS-repair tool from the Avira website to download here.

After 8th March all computer will be Secured ? According to FBI, It is quite possible that computers infected with this malware may also be infected with other malware. The establishment of these clean DNS servers does not guarantee that the computers are safe from other malware. The main intent is to ensure users do not lose DNS service.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.