Cyberattacks July 2012 – DNSChanger Malware (Countdown to July 9th)
DNSChanger is malicious software (malware) that changes the infected computer’s Domain Name System (DNS) server settings to replace the Internet Service Provider’s (ISP) good DNS servers with bad DNS servers operated by the criminal.
Back in November 2011, the FBI uncovered a network of rogue DNS servers under Operation Ghost Click. Six Estonian nationals were arrested and charged. The FBI’s investigation showed that the DNSChanger botnets were operated under the company name “Rove Digital”, which was based in Estonia. According to a press release by the FBI, DNSChanger caused the following:
When the user of an infected computer clicked on a search result link displayed through a search engine query, the malware caused the computer to be re-routed to a different website. Instead of being brought to the website to which the user asked to go, the user was brought to a website designated by the defendants. For instance, when the user of an infected computer clicked on the domain name link for the official website of Apple-iTunes, the user was instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software.
Advertising Replacement Fraud
By using the DNS Changer malware and rogue DNS servers, the cyber syndicate replaced legitimate advertisements on websites with substituted advertisements that triggered payments to them. For example, when the user of an infected computer visited the Amazon.com website, a prominent advertisement for Windows Internet Explorer 8 had been fraudulently replaced with an ad for an email marketing business.
In addition, there is a high possibility that an infected computer is also infected with other malware. This is because, in some cases, the DNSChanger malware had the additional effect of preventing users’ anti-virus software and operating systems from updating.
How Do I Know if My Computer Is Infected?
You can check whether your computer is infected on the DCWG site at http://dcwg.org/.
If the page is green, you’re in the clear. If it’s red, your computer is infected.
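A local counterpart to that check, as an added example that is not part of the original post or DCWG's tooling: it extracts the configured DNS servers from `resolv.conf` text or English `ipconfig /all` output and flags any that fall inside a list of rogue ranges. The ranges are RFC 5737 documentation placeholders, not the real DNSChanger ranges, and the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# ranges: replace them with the ranges published for DNSChanger.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]

# Constructed sample inputs, not captured from a real host.
SAMPLE_RESOLV_CONF = "nameserver 192.0.2.53\nnameserver 8.8.8.8\n"
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def resolvers_from_resolv_conf(text):
    """Return the nameserver entries of a resolv.conf, comments ignored."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[1] for f in rows if len(f) >= 2 and f[0] == "nameserver"]

def resolvers_from_ipconfig(text):
    """Return DNS servers from `ipconfig /all`, incl. continuation lines."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and " : " not in line and line.strip():
            servers.append(line.strip())  # 2nd, 3rd... server on its own line
        else:
            in_dns = False
    return servers

def rogue_resolvers(servers, ranges=ROGUE_RANGES):
    """Return the configured servers that fall inside any listed range."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    hits = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            continue  # not an IP literal
        if any(addr in n for n in nets):
            hits.append(s)
    return hits

if __name__ == "__main__":
    for servers in (resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF),
                    resolvers_from_ipconfig(SAMPLE_IPCONFIG)):
        print(servers, "-> rogue:", rogue_resolvers(servers))
```

An empty result covers only the host's own settings. If the configured resolver is a home router address, the router's upstream DNS settings need the same comparison.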