In November of last year, authorities arrested six men in Estonia for the creation and spread of DNSChanger, which reconfigures infected computers’ Internet settings, and re-routes users to websites that contain malware, or other illegal sites. DNSChanger also blocks access to websites that might offer solutions for how to rid the computer of its worm, and often comes bundled with other types of malicious software.
By the time the FBI stepped in, DNSChanger had taken over computers in more than 100 countries, including half-a-million computers in the US alone. To help eradicate the widespread malware, the FBI replaced infected servers with new, clean servers, which gave companies and individuals with infected computers time to clean DNSChanger off their machines.
Unfortunately, DNSChanger is still running on computers “at half of the Fortune 500 companies,” and at “27 out of 55 major government entities,” reports cybersecurity journalist Brian Krebs. These computers rely on the FBI-installed DNS servers to access the Web. But if the court order is not extended, the FBI will be legally required to remove the clean servers, which would cut off the Internet for users still infected with DNSChanger.
Companies or other agencies that are unsure whether their systems are infected with DNSChanger can get free assistance here. And private users can find out if they are infected using instructions provided here.