Pages

Saturday, May 26, 2012

Google Adding DNSChanger Malware Warnings to Search Results

DNSChanger

Google today pledged to warn users whose computers or home routers appear to be infected with the DNSChanger malware.

The roughly half a million devices still infected with DNSChanger will receive warnings atop their search results that provide steps for removing the malicious software from their machines.

What's the big deal? Computers still infected with DNSChanger after July 9 will no longer be able to connect to the Internet, so those affected need to act fast.

The problem dates back to November 2011, when the FBI seized and shut down about 100 servers that were infecting millions of computers with the DNSChanger Trojan. Infected machines had their Domain Name System settings altered so websites would redirect to servers controlled by the criminals. The scammers reportedly earned millions in affiliate and referral fees by diverting users through those sites.

The FBI wanted to shut down the rogue servers, but if they did, infected computers would have lost access to the Internet immediately. So, the FBI got a court order to continue running the servers while people applied a patch. That court order was originally scheduled to expire on March 8, but was later extended to July 9. If infected machines are not fixed by then, their Internet connections will go dark after the servers are shut down.

On Google, infected computers will see a warning atop their screen when completing a search (see below). "You computer appears to be infected," it reads. "We believe that your computer is infected with malicious software. If you don't take action, you might not be able to connect to the Internet in the future."

Google has added a link with directions for how to remove the software. PCMag's Security Watch blog also has more details on how to rid your machine of the malware, and the FBI has a tool that will let you check if your computer is affected.

"Our goal with this notification is to raise awareness of DNSChanger among affected users," Damian Menscher, a security engineer at Google, wrote in a blog post. "We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results."

Google first started adding malware warnings to search results last summer after it noticed some unusual activity on its network while conducting routine data center maintenance. Google said today that that effort resulted in warnings for 1 million of its users.

For more, see the FBI's overview of DNSChanger.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

DNSChanger Google Warning
For the top stories in tech, follow us on Twitter at @PCMag.