DNSChanger Victims Will Lose Their Internet Access This Coming Monday
Victims of the DNSChanger trojan will be cut off from the Internet on Monday. Check your system now!
“This coming Monday, 9 July, the FBI will be turning off the DNS server which currently intercepts queries from DNSChanger victims. This will mean that users who are infected with the malware will be almost completely unable to access the internet normally. Users are therefore advised to check whether their computers or routers use one of the FBI-listed IP addresses for DNS queries, well before the server shutdown, by visiting dnschanger.eu or dns-ok.us.
Users who want to check their configuration manually need to look out for the following IP address ranges:
220.127.116.11 to 18.104.22.168
22.214.171.124 to 126.96.36.199
188.8.131.52 to 184.108.40.206
220.127.116.11 to 18.104.22.168
22.214.171.124 to 126.96.36.199
188.8.131.52 to 184.108.40.206
If an address from one of the above ranges is already set as the DNS server on the computer or router, it is infected with DNSChanger. Users can find out where to locate this DNS server information for their particular case using a wizard set up by the eco association. Future DNS queries can be made using servers such as Google’s at 220.127.116.11.
Until November 2011, criminals were intercepting DNS queries from infected computers and redirecting them to fake web sites. This allowed them to steal credit card details, sell fake anti-virus software and undertake click fraud.
The FBI then destroyed the DNSChanger network in Operation Ghostclick and, as a temporary solution, set up a replacement server which redirected DNS queries from affected computers to their correct destinations. On 9 July, this server is set to be switched off. Although this date and the DNS problem have been public knowledge for several months, there are still thousands of infected computers in use in the UK. Two months ago, the FBI was still registering queries from around 20,000 UK IP addresses.”