DNS Malware: Is Your Computer Infected? (DNS Changer)

[USA.gov]

Criminals have infected millions of computers around the world with malware called DNSChanger which allows them to control DNS servers. As a result, the cyber thieves have forced unsuspecting users to visit fraudulent websites and made their computers vulnerable to other kinds of malicious software. Learn more about DNSChanger and how to check your computer's settings.

What Does DNSChanger Do to My Computer?

DNSChanger malware causes a computer to use rogue DNS servers in one of two ways. First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers with rogue DNS servers operated by the criminal. Second, it attempts to access devices on the victim’s small office/home office (SOHO) network that run a dynamic host configuration protocol (DHCP) server (eg. a router or home gateway). The malware attempts to access these devices using common default usernames and passwords and, if successful, changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals. This is a change that may impact all computers on the SOHO network, even if those computers are not infected with the malware.

Am I Infected?

The best way to determine if your computer or SOHO router has been affected by DNSChanger is to have them evaluated by a computer professional. However, the following steps can help you gather information before consulting a computer professional. To determine if a computer is using rogue DNS servers, it is necessary to check the DNS server settings on the computer. If the computer is connected to a wireless access point or router, the settings on those devices should be checked as well.

More...