There has been a lot of news recently about DNSChanger, malware that’s been around for a while. It can misdirect the infected computer’s internet connections to malicious sites. The FBI busted the ring back in November 2011.
So, what’s the reason for all the news? The computers that are affected are still using DNS servers at the IP addresses where the malicious servers were located.
There were so many infected computers that the FBI sponsored replacement servers for a period of time. That time is about to run out. July 9, 2012 is the day.
The FBI has put out some instructions on how to find out if you’ve been infected, and how to disinfect your system.
Unfortunately, the bad guys also took advantage of many users’ unwillingness to change the passwords on their cable/DSL routers — they built into the malware the ability to log into a router that had the default password, and then to change the router to use the poisoned DNS servers.
You have to check both your computer(s) and your router.
For a quick check you can use your web browser to go to http://dns-ok.us/. Note that the site says that your ISP can effectively mask the problem – you could still be infected, but the ISP’s actions could be rerouting your requests via a clean DNS.
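As an added example (not part of the original post or the FBI's instructions), the local half of the check can be scripted by reading the configured DNS servers and comparing them against the rogue ranges. It assumes resolv.conf-style input; the function names are hypothetical, and the ranges are documentation-block placeholders that must be replaced with the ranges from the FBI's instructions.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), constructed for this example.
# Replace them with the rogue DNS server ranges from the FBI's instructions.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# RFC 1918 LAN ranges plus loopback: a resolver here is the router or a local stub.
FORWARDER_RANGES = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def extract_resolvers(resolv_conf_text):
    """Return the IP addresses on 'nameserver' lines, skipping unparsable values."""
    resolvers = []
    for value in NAMESERVER_RE.findall(resolv_conf_text):
        try:
            resolvers.append(ipaddress.ip_address(value.split("%")[0]))  # drop IPv6 zone
        except ValueError:
            continue
    return resolvers


def in_any(addr, networks):
    return any(addr.version == net.version and addr in net for net in networks)


def classify(addr):
    """ROGUE: in a listed range. FORWARDER: check that device's upstream DNS. OTHER: neither."""
    if in_any(addr, ROGUE_RANGES):
        return "ROGUE"
    if in_any(addr, FORWARDER_RANGES):
        return "FORWARDER"
    return "OTHER"


def check(resolv_conf_text):
    return [(str(a), classify(a)) for a in extract_resolvers(resolv_conf_text)]


# Constructed sample input, not taken from a real machine.
SAMPLE = "nameserver 192.0.2.53\nnameserver 192.168.1.1\nnameserver 203.0.113.7\nnameserver bogus\n"

if __name__ == "__main__":
    for addr, verdict in check(SAMPLE):
        print(f"{addr:15} {verdict}")
```

A FORWARDER verdict means the computer is simply asking the router (or a local stub) for DNS, so the computer-side check is inconclusive and the DNS servers configured on the router itself still have to be compared against the list.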