DNS Changer Virus Spells 'Internet Doomsday'

Huffington Post UK | Posted: 25/04/2012 13:16 | Updated: 25/04/2012 17:41

The end is nigh, according to the FBI. "Internet doomsday" will strike us all on 9 July when the domain name service changer virus will disconnect many internet users from the web.

PC users whose machines are infected with the DNS changer malware must disinfect their computers by 9 July, or they will be prevented from accessing the internet.

DNS changer has already forced users to fraudulent websites, interrupted web browsing and exposed affected computers to other malicious viruses, according to the FBI.

The virus works by redirecting computer users to criminals' DNS servers. DNS servers are the critical internet link that switches domain names like Google.com into the series of numbers that computers use to talk to each other.

The virus initially appeared via an online advertising campaign, which directed web users to criminal sites when they clicked an ad.

Users of infected computers are directed to dodgy websites when clicking links to seemingly genuine sites. Clicking Amazon, for example, could steer a web user to a site that is unaffiliated with Amazon, exposing users to viruses and denying genuine sites advertising revenue.

Symantec said in a statement: "DNSChanger has been around for a while now and from a technical perspective nothing has changed from what we know. It should be pointed out that only Windows and Mac users are affected. Linux, Android and iOS users are not.

Users who encounter problems with internet connectivity may need to contact their ISP for their original DNS settings or use a public DNS such as Google on 8.8.8.8. Also, various ISPs have already implemented some sort of DNS checks to ensure their customers are either notified or fixed before everything goes dark."

The DNS virus was allegedly unleashed by six Estonian nationals who have been arrested and charged by the FBI after a two-year operation.

The six were charged with running an internet fraud ring that "infected millions of computers worldwide with the virus and enabled the thieves to manipulate the multi-billion-dollar internet advertising industry".

Kaspersky Lab, which is investigating the situation, told The Huffington Post: "Our experts at Kaspersky Lab are analysing the technical details of the malware attack that has affected a number of oil facilities in Iran. Preliminary data suggests that files on several computers were overwritten with garbage code, after which the hard disks on the targeted systems were wiped clean by a malicious program.

"The data currently available neither confirms nor disproves the theory that this incident was caused by a malicious program linked to the notorious Duqu or Stuxnet programs. At the present time, we have not identified any of the files of the malicious program that wipes the system clean," they said.

There are a number of ways to avoid "internet doomsday". Kaspersky Lab offers TDSSKiller, which detects and removes DNS Changer, while a simple visual check is available at dns-ok.us.
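
Checking for DNS Changer comes down to seeing which DNS servers a machine is actually configured to use. As an added example (not from the article, the FBI or any vendor named here), this Python code pulls the IPv4 resolvers out of `ipconfig /all` (Windows) or `scutil --dns` (Mac) output and flags any that fall inside a rogue range. The ranges and sample outputs are constructed placeholders, since the article does not list the real rogue server addresses.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# DNSChanger ranges, which the article does not list. Substitute the ranges
# published by your ISP or national CERT.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# A resolver line in resolv.conf, `scutil --dns` or `ipconfig /all` output.
LABELLED = re.compile(
    r"^\s*(?:nameserver(?:\[\d+\])?\s*:?|DNS Servers[ .]*:)\s*" + IPV4 + r"\s*$", re.I)
# ipconfig puts further servers on indented lines holding only an address.
CONTINUED = re.compile(r"^\s+" + IPV4 + r"\s*$")

# Constructed sample outputs (not captured from a real machine).
SAMPLE_IPCONFIG = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_SCUTIL = "resolver #1\n  nameserver[0] : 8.8.8.8\n  nameserver[1] : 198.51.100.200\n"


def configured_resolvers(text):
    """Return the IPv4 DNS servers named in resolver configuration text."""
    found, in_list = [], False
    for line in text.splitlines():
        match = LABELLED.match(line) or (CONTINUED.match(line) if in_list else None)
        # Only an ipconfig "DNS Servers" line opens a continuation list.
        in_list = bool(match) and (in_list or "dns servers" in line.lower())
        if match:
            try:
                found.append(ipaddress.IPv4Address(match.group(1)))
            except ValueError:
                pass  # digits that are not a valid address, e.g. 999.1.1.1
    return found


def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any rogue range."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    return [str(ip) for ip in configured_resolvers(text) if any(ip in n for n in nets)]


if __name__ == "__main__":
    for name, sample in (("ipconfig", SAMPLE_IPCONFIG), ("scutil", SAMPLE_SCUTIL)):
        print(name, "rogue resolvers:", rogue_resolvers(sample) or "none")
```

The parser handles IPv4 resolvers only; a machine whose settings were changed may also need its router's DNS settings checked, which this code does not read.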
