DNSChanger ‘temporary’ DNS servers go dark soon: is your computer really fixed?

(Last Updated On: June 6, 2012)

by Cameron Camp, Security Researcher

DNSChanger, a piece of malware that re-routed vast swaths of Internet traffic through rogue DNS servers after users became infected, was shut down by the FBI late last year. But simply shutting down the servers altogether would have ‘broken’ many hundreds of thousands of computers still infected, making it difficult for them to get help via the Internet, so the FBI and ISC orchestrated a temporary fix, which is set to end on July 9th. This temporary fix has allowed infected computers to stay connected, but that’s coming to a close.

Now Google has rolled out a program to notify people when it detects that their computer is trying to reach those temporary DNS servers. Using Google Search triggers the detection process, and a message saying that “you might be infected” will appear if Google detects those temporary DNS servers. This message could be confusing because you might have thought you had disinfected your machine. So is it possible to have your computer only ‘halfway fixed’?