DNS Changer

The year 2007 marked the birth of the DNSChanger malware; five years down the line, its end has come. From today, all the servers infected with the virus will be shut down completely, as the Federal Bureau of Investigation (FBI) looks to eliminate the malware once and for all. The FBI had earlier warned all web users whose servers had been affected to consider removing it by today, July 9, as reported in one of our posts.

As mentioned in our previous post, approximately 250,000 web users could lose their internet connection by July 9th. Many who did not remove the virus as per the guidelines could be facing an internet blackout at the time of this writing.

Cyber-crime is becoming more advanced: it took the FBI more than four years to discover and design a solution to the DNSChanger malware, whose creators are believed to have rerouted more than 650,000 internet servers across the globe.

Additionally, the loss of your internet server is indefinite. If you ignored the free methods of removing the bug, then the shutdown will cost you money to fix.

The only remaining options are:

Take your machine to a computer specialist and have the malware removed.

OR

Go to an uninfected computer and download the free DNSChanger virus scan and removal software. The software is made by the DNSChanger Working Group and can be found at dcwg.org/fix/. Users should save the software on a removable drive, such as a USB flash drive, and use the device to remove the malware.

Many internet users may be aware of the name DNSChanger, but they probably do not know what it is, or rather was. The malware was created by an Estonia-based company, Rove Digital, as discovered by the FBI in Operation Ghost Click.

The malware manipulated web searches and directed infected machines to fraudulent websites, which promoted fake products, allowing Rove Digital perpetrators to earn money from advertising on the sites.

If you are experiencing an internet blackout on your machine and are not sure whether it is a result of the infection, you are advised to check the following IP addresses for guidance. According to CBC News, the infection is believed to have infected machines with addresses in the following ranges:

  • 85.255.112.0 through 85.255.127.25
  • 67.210.0.0 through 67.210.15.255
  • 93.188.160.0 through 93.188.167.255
  • 77.67.83.0 through 77.67.83.255
  • 213.109.64.0 through 213.109.79.255
  • 64.28.176.0 through 64.28.191.255

Detailed guidance is also provided for determining which IP settings are considered safe and secure, for both Windows and Mac.
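As an added example (not part of the original post or the DCWG software): a Python check that compares the DNS server addresses configured on a machine with the ranges listed above. It assumes those ranges are meant to be matched against the machine's DNS server settings; the function names and the sample `ipconfig /all` text are constructed for illustration.

```python
import ipaddress

# Address ranges exactly as listed on this page: (first, last), inclusive.
LISTED_RANGES = [
    ("85.255.112.0", "85.255.127.25"), ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"), ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"), ("64.28.176.0", "64.28.191.255"),
]
RANGES = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in LISTED_RANGES]

def parse_ip(text):
    """Return an address object, or None if text is not an IP address."""
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def in_listed_range(text):
    """True if text is an IPv4 address inside one of the listed ranges."""
    ip = parse_ip(text)
    if ip is None or ip.version != 4:
        return False
    return any(lo <= ip <= hi for lo, hi in RANGES)

def dns_servers(config_text):
    """Extract DNS servers from resolv.conf text or `ipconfig /all` output."""
    servers, in_block = [], False
    for line in config_text.splitlines():
        text = line.strip()
        if text.lower().startswith("nameserver"):
            fields, in_block = text.split()[1:2], False
        elif text.startswith("DNS Servers"):
            fields, in_block = [text.rpartition(": ")[2]], True
        elif in_block and parse_ip(text) is not None:
            fields = [text]  # ipconfig puts further servers on bare lines
        else:
            fields, in_block = [], False
        servers.extend(f for f in fields if parse_ip(f) is not None)
    return servers

def flagged_servers(config_text):
    return [s for s in dns_servers(config_text) if in_listed_range(s)]

# Constructed sample input, not captured from a real machine.
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
if __name__ == "__main__":
    print("flagged:", flagged_servers(SAMPLE_IPCONFIG) or "none")
```

On a real machine, pass in the contents of `/etc/resolv.conf` or the saved output of `ipconfig /all`; any address returned by `flagged_servers` means the DNS settings point into one of the listed ranges.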