Saturday, April 21, 2012

Don't Lose the Internet in July! FBI Repeats DNSChanger Warning

If you've still got DNSChanger on your computer, you could be in for a frustrating summer. The FBI has repeated a warning that as many as half a million computers still infected with the malware could lose their Internet connections on July 9 because the agency is shutting down an expensive workaround to the problem.

The FBI has been running DNS servers since last year to replace malicious servers used by a group of Estonians to conduct an affiliate and referral fee scam. The scam was made possible by the DNSChanger Trojan, which diverted users seeking legitimate websites to sites the cybergang wanted them to visit in order to collect fees from their traffic.

About 100 servers masquerading as legitimate DNS servers were seized and shut down last November when law enforcement authorities working with the FBI arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan in what they called the "Operation Ghost Click" raid.

Since machines with DNS settings modified by DNSChanger would be unable to access the Internet once the rogue servers went dark, the FBI obtained a court order that allowed the non-profit Internet Systems Consortium to set up alternate DNS servers to temporarily replace the malicious servers. These servers were intended to give people time to clean up the infection. The court order was originally set to expire March 8, but prosecutors filed for an extension with the U.S. Court in the Southern District of New York because a significant number of computers still remained infected.

That extension is set to end on July 9 and it appears now that there won't be another one, so computer users are advised to check to see that DNSChanger isn't infecting their machines as soon as possible.

DNSChanger malware replaces the Domain Name System settings in the computers and routers it infects with addresses of malicious servers. When the rogue DNS servers were still active, users would try to access certain websites and get redirected through other servers controlled by the criminals. The gang behind DNSChanger is alleged by the FBI to have pocketed millions of dollars in affiliate and referral fees by diverting users through those sites.

The good news is that fixing DNSChanger is pretty easy. Last month, PCMag's Fahmida Y. Rashid explained how to go about identifying and removing the malware from your computer.

Since a lot of the solutions for the problem are best accessed online, users who don't remove the malware by July 9 could have a tough time fixing their computers after that date.

Fahmida Y. Rashid contributed to this report.
