What is the DNS Changer Malware?

On November 8, several cyber criminals were arrested by the FBI, NASA-OIG and Estonian police in Operation Ghost Click. They operated under the company name Rove Digital, and distributed DNS changing viruses and malware.

Find out more about the DNS Changer Working Group

What is a Domain Name Server (DNS)?

A Domain Name Server (DNS) are the Internet's automatic address books where you can input a name, and it will send back the IP adddress for that name

For example: If you type in www.telecom.co.nz into your web browser your computer asks our DNS server "What is the address for Telecom.co.nz?" The DNS server will reply to your computer "The address is 210.55.11.13" allowing your computer to take you to the Telecom website.

What does the DNS Changer Malware do?

The Botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York and Chicago.  The Malicious DNS servers would give fake malicious answers, altering user searches, and promoting fake and dangerous products.  Because every web search starts with DNS, the Malware showed users an altered version of the Internet.

A court order, expiring 9th July 2012, filed by the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital Network.  This allows affected computers to run without disruption of service until 9th July 2012 so that the infected hosts can use the internet normally and be identified without disruption to their service.

How can I protect myself or remove this Malware?

We have a help page with details on what you can do in order to remove or check your system for DNS Changer Malware.

The DNS Changer Working Group (DCWG) provides step by step instructions how to detect the Malware, fix and protect your computer(s).

Was this information helpful?
 
Answer What is the DNS Changer Malware?

Additional Feedback (optional)
We would love to hear your comments on how we can improve this answer