On July 9, 2012 a large number of computers will stop connecting to the Internet. They were infected with a virus that changed their DNS settings to point at rogue DNS servers. The FBI captured the hackers and is shutting down the rogue DNS service on July 9; any computer that still relies on that service will no longer be able to connect to the Internet.
The FBI estimates that 360,000 computers are affected. The virus has been named the “DNS Changer.”
It’s all fixable. Computers that are infected can have their DNS settings updated to valid DNS servers and the virus can be removed from infected computers.
How did this happen?
Beginning in 2007, hackers released viruses that infected PCs and changed each PC’s DNS server settings. With the rogue servers answering its lookups, a PC could be silently diverted from a legitimate web site to a fraudulent one that tried to steal information or infect it further. The virus also caused other mischief, such as turning off antivirus updates, adding advertisements, installing other malicious software, selling rogue security software and more.
Technical note: All computers use DNS to find Internet resources such as web sites. DNS servers translate friendly names (like google.com) into the IP addresses (like 10.100.1.123) that computers need in order to reach those resources, which is why whoever controls your DNS server decides where your requests actually go.
In November 2011 the FBI shut down this hacker operation but faced a dilemma: if the rogue DNS servers were abruptly shut down, every computer configured to use them would suddenly stop connecting to the Internet, puzzling and panicking the affected users. The FBI decided to run clean DNS servers in place of the rogue ones. This meant the FBI had to maintain and pay for the clean servers’ operation, but it bought time to publicize what was going on and gave infected users time to fix the problem.
On Friday, April 20, 2012 the FBI announced that the temporary DNS servers it was running would be shut down on July 9 and that affected computers would stop working on the Internet. The press picked up the story and sensationalized it: “PCs will lose Internet in July!”
The FBI has pointed us to an informational web site, www.dcwg.org, maintained by the DNS Changer Working Group, that explains all this. Personally, I find their web site too complicated and boring to appeal to the average computer user, but it does provide links for virus detection and removal and to web sites with more information.
Mark’s tech notes for eradicating DNS Changer problems
If your DNS settings point at the (former) rogue servers, change them to valid DNS servers. Then remove the virus from your computer with antivirus software; otherwise it may simply change the settings back.
Rogue DNS server IPs:
188.8.131.52 through 184.108.40.206
220.127.116.11 through 18.104.22.168
22.214.171.124 through 126.96.36.199
Valid DNS server example IPs:
Your ISP’s DNS servers
OpenDNS servers: 208.67.222.222, 208.67.220.220
Google DNS servers: 8.8.8.8, 8.8.4.4
Also check your router for rogue DNS settings. Most home PCs take their DNS servers from the router via DHCP, so a router pointed at the rogue servers sends every device on the network to them even when each PC’s own settings look clean.
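The DNS check described above, as an added example that is not part of the original post: it parses the DNS servers out of constructed `ipconfig /all` output, flags any that fall inside a rogue range, and separately flags LAN (RFC 1918) addresses, which mean the PC is relaying through its router and the router’s own upstream DNS must be inspected. The rogue ranges below are placeholders from RFC 5737 documentation space; substitute the ranges published in the advisory you are working from.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space) standing in for the published rogue ranges.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"), ("198.51.100.0", "198.51.100.127")]
# RFC 1918 space: a DNS server here is normally the home router, relaying to its own upstream.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_range(first, last):
    """Convert an inclusive 'first through last' range into CIDR networks."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:  # tolerate a range written high-to-low
        a, b = b, a
    return list(ipaddress.summarize_address_range(a, b))

ROGUE_NETS = [net for lo, hi in ROGUE_RANGES for net in parse_range(lo, hi)]

def classify(addr):
    """'rogue' if inside a rogue range, 'router' if a LAN address, else 'ok'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in ROGUE_NETS):
        return "rogue"
    if any(ip in net for net in LAN_NETS):
        return "router"
    return "ok"

def dns_servers_from_ipconfig(text):
    """Pull IPv4 DNS servers out of 'ipconfig /all' output (extra servers sit on indented continuation lines)."""
    servers, collecting = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            servers += re.findall(r"\d+\.\d+\.\d+\.\d+", line)
            collecting = True
        elif collecting and re.fullmatch(r"\s+\d+\.\d+\.\d+\.\d+\s*", line):
            servers.append(line.strip())
        else:
            collecting = False
    return servers

def audit(ipconfig_text):
    return [(s, classify(s)) for s in dns_servers_from_ipconfig(ipconfig_text)]

# Constructed sample output, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.77
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
```

On the sample, `audit(SAMPLE_IPCONFIG)` reports the first server as `router` (inspect the router’s DNS settings) and the second as `rogue`.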
A good, up-to-date antivirus should find and remove the virus(es) that changed the DNS settings, along with any other malware that was installed with them. A full scan from a bootable stand-alone rescue CD is the most reliable way to find and remove malware, because the infected operating system is not running and cannot hide the infection from the scanner. Many antivirus vendors offer rescue CDs, for example the “Microsoft Windows Defender Offline Tool.”