Checking OSX (MAC) for DNS Changer Infections
The easiest way to check if your system is violated with DNS Changer malware is to go to one of the “are you infected sites.” www.dns-ok.us is one of the remaining active links. An archive of the original links is maintained below. (see below). These sites only require someone to visit. The “are you infected site” will inform you if you are infected.
Note: These sites only detect for DNS Changer. You might be infected with other malware. Please take appropriate precautions to protect your computer. Over the years, the threat from malware on your device is used to change the configuration of your home router has increased. Protecting your devices also means protecting your home.
Original DCWG “Am I Infecfed Sites
|www.dns-ok.us||English||DNS Changer Working Group (DCWG)|
|www.dns-ok.de||German||Bundeskriminalamt (BKA) & Bundesamt für Sicherheit in der Informationstechnik (BSI)|
|www.dns-ok.fi||Finnish, Swedish, English||CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.|
|www.dns-ok.ax||Swedish, Finnish, English||CERT-FI is the Finnish national reporting point for computer security incidents and information security threats. CERT-FI is also responsible of maintaining the national information security situation awareness system.|
|www.dns-ok.be||Dutch/French||CERT-BE is the primary Belgian contact point for dealing with Internet security threats and vulnerabilities affecting Belgian interests.|
|www.dns-ok.fr||French||Le CERT-LEXSI est la division de veille et d'enquête sur Internet, dédiée à la protection du patrimoine en ligne des organisations.|
|www.dns-ok.ca||English/French||Canadian Internet Registration Authority (CIRA) and Canadian Cyber Incident Response Centre (CCIRC)|
|www.dns-ok.lu||English||CIRCL (Computer Incident Response Center Luxembourg) is the national Computer Security Incident Response Team (CSIRT - CERT) coordination center for the Grand-Duchy of Luxembourg|
|www.dns-ok.nl||Dutch (Obsolete)||SIDN (the Foundation for Internet Domain Registration in the Netherlands)|
|dns-ok.gov.au||English||CERT Australia, Stay Smart Online, and Australian Communications and Media Authority joint page on DNSChanger Information|
|dns-changer.eu||German, Spanish, English||ECO (Association of the German Internet Industry)|
|dnschanger.detect.my||Malaysian, English||Hosted by CyberSecurity Malaysia and MYCERT|
|dns-ok.jpcert.or.jp||Japanese||JPCERT/CC - Japan Computer Emergency Response Team Coordination Center|
|www.dns-ok.it||Italiano||Telecom Italia Security Operation Center - IT.TS.SOC|
Manually Checking for DNS Changer Infections
The following are the original manual checks to see if your computer is infected with any of the DNS Changer malware.
Are Your DNS Settings Ok?
The malicious Rove viruses changed some peoples DNS settings to use computers they operated. Compare your DNS settings with the known malicious Rove DNS settings listed below:
|Starting IP||Ending IP||CIDR|
What if I’m infected?
If your computer is infected, please refer to our page that lists tools to clean DNS Changer and other self-help guides to clean your computer – http://www.dcwg.org/fix/.
It is recommended that multiple approaches to home and endpoint security are used. No one approach protects devices from the attacks which have evolved from the DNS Changer attacks.
Will bad guys change my router’s DNS setting?
Yes, bad threat-actors continue to find criminal value by taking over your DNS settings and having you use their DNS Resolvers. The DCWG and DNS Changer work was the beginning of a theme – miscreants want to invade your home.