A few years ago, some not-so-nice bad guys online thought it would be a great idea to get between an unsuspecting user and the sites they thought they were visiting. They created a nasty piece of malware that several AV companies call DNSChanger. Its main purpose was to fool the user by changing the DNS servers your computer uses to the IP addresses of servers owned and operated by the cyber-criminals. That way the gang from Estonia could intercept an unsuspecting user's traffic and eventually monetize it. The cyber-gang was later arrested and the FBI confiscated the servers. So what could the problem possibly be after all this time?
It turns out that a court ordered the FBI to turn these servers back online Monday June 9th 2012. So how could this possibly affect you, or someone you know? Tune in after the break for a bit more. After all, it may be better to be safe than sorry come Monday!
For an interesting read on how the DNSChanger does its nasty deed, see the Avast blog post, which gives an easy-to-understand explanation along with how to check and fix the problem. Basically, your DNS server settings may have been modified by the DNSChanger and now point to servers under the control of the FBI. Even though it is very unlikely that you are infected, some users may have no clue that their settings are wrong.
“But on Monday, the name resolution will cease to work and all sites will just return “Server not found” or similar messages.”
“The DNS redirection may be done on your computer, or, if you don’t care about your passwords, also to your home router. DNSChanger had an extensive list of default passwords for the routers so it could have changed the DNS settings in the router’s control panel.”
If it has been a while since you ran ipconfig /all from the Windows cmd line, it likely would not hurt to run it again.
You can also manually check the DNS settings for the IP addresses used by the DNSChanger:
188.8.131.52 – 184.108.40.206
220.127.116.11 – 18.104.22.168
22.214.171.124 – 126.96.36.199
If your DNS server is set to any of the above addresses, you have a problem. Fixing it is beyond the scope of this article, as it depends on the operating system and router in use.
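As an added example (not from the original post or the Avast article), the Python below automates the manual check described above: it extracts the DNS servers from ipconfig /all output, including the unlabelled continuation lines that follow the first server, and flags any that fall inside a start-to-end range. The ranges and the sample output are constructed placeholders, the function names are hypothetical, and English-language Windows labels are assumed.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space, constructed). Replace
# them with the start/end pairs of the rogue ranges you are checking for.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"),
                ("198.51.100.16", "198.51.100.31")]

# Constructed sample of English-language `ipconfig /all` output.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.20
                                       192.168.1.1
                                       fe80::1%11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def dns_servers(ipconfig_text):
    """Collect DNS server entries, including unlabelled continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        # Extra servers appear as indented single tokens with no label.
        more = re.fullmatch(r"\s+(\S+)\s*", line) if in_dns else None
        if first or more:
            servers.append((first or more).group(1))
            in_dns = True
        else:
            in_dns = False
    return servers


def in_rogue_range(server):
    """True if an IPv4 DNS server lies inside any configured range."""
    try:
        ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return ip.version == 4 and any(
        ipaddress.IPv4Address(lo) <= ip <= ipaddress.IPv4Address(hi)
        for lo, hi in ROGUE_RANGES)


def flagged(ipconfig_text):
    """DNS servers from the ipconfig output that fall in a rogue range."""
    return [s for s in dns_servers(ipconfig_text) if in_rogue_range(s)]
```

Pass the captured text of ipconfig /all to flagged(); an empty list means none of the configured DNS servers fall inside the ranges you supplied.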
Meanwhile a simple sanity check for those still reading would be to go to http://www.dns-ok.us/ to see if you are in the green.
It probably would not hurt to run ipconfig /flushdns at the Windows cmd prompt every once in a while either.
For more information regarding detection, fixes and statistics, visit the great site of the DNSChanger Working Group: http://www.dcwg.org/protect/
Source: Avast blog post