CIRA Develops Online DNSChanger Malware Checker

2012-04-21


The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users’ computers for the DNSChanger malware.

CIRA says the free online tool lets Canadian Internet users to detect if their computer is affected by the DNSChanger malware.

The DNSChanger Trojan horse could change the DNS server settings on infected computers and divert traffic to rogue servers. The malware was cross-platform, and was said to have affected millions of PC and Mac systems worldwide, over half a million of them in the U.S.

The FBI began working with several foreign governments on Operation Ghost Click, eventually arresting several alleged perpetrators.

As part of its Operation Ghost Click, the FBI uncovered an extensive cyber criminal activity, whereas millions of computers around the world were infected with malicious software without the knowledge of the user. The malware, called DNSChanger, affected the Domain Name System (DNS) configuration of the user’s computer system. The DNS is the system that changes domain names into Internet Protocol (IP) addresses (for example, cira.ca=192.228.29.1. For more informatoin about DNS visit http://youtu.be/2ZUxoi7YNgs). The malware infrastructure, which affected over 20,000 Canadian IP addresses, redirected unsuspecting user’s to rogue DNS servers, allowing the cyber criminals to manipulate the user’s web activity. Because of the complexity and sophistication of this malware, detection and removal is challenging without the help of an IT security professional.

CIRA, Public Safety Canada, the Canadian Cyber Incident Response Centre (CCIRC) at Public Safety Canada and the CRTC have collaborated on the development and release of the DNSChanger Malware Checker, located at http://DNS-OK.ca/. (Read the complete article)