DNS Changer Malware: check it out!

Back in November 2011 the FBI, NASA-OIG and the Estonian police arrested the operators of “Rove Digital”, a front company whose activities included spreading DNS-changing viruses. Although the operation has been shut down, the malware it set loose still infects many hundreds of thousands of computers. More information and detection tools can be found at the DNS Changer Working Group (DCWG) site.


The site linked above has a truckload of information for users and enterprises to help them prevent the spread of the virus, including tools to detect its presence and remove it from infected systems.

This continues to be news because very shortly the DCWG will be shutting down the “clean” DNS servers that were put in place of the original Rove machines. When that happens, infected computers will be unable to resolve Internet names, including those of websites and other services.

To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.

FBI’s Operation GhostClick Information Page