Are you at risk from DNS Changer? You better find out soon. As of July 9th, if you are infected, you could lose your Internet access.
The DNS Changer malware first began infecting PCs around the world at the end of 2011. DNS Changer does what its name implies: the malware changes the DNS settings on a user’s PC. DNS is the critical Internet technology that matches a domain name (e.g., example.com) with the IP address of the actual server. When DNS information is changed, a user can be taken to a different location than the one they intended to visit.
The command and control infrastructure for DNS Changer was taken down in an FBI operation back in November of 2011. Since then, a court order has enabled the Internet Systems Consortium (ISC) to operate replacement DNS servers for the network that had been controlling DNS Changer. That court order expires on July 9th, at which point all those infected will have some serious problems.
“On July 9th the court order expires and ISC will turn the servers off and users that have their DNS pointing to DNS Changer addresses will no longer be able to get a DNS reply,” Vikram Thakur, principal research manager at Symantec Security Response, told eSecurityPlanet. “At that point they will not be able to resolve any web address, whether it’s Google.com, Facebook.com or Symantec.com.”
While the DNS Changer malware has been known for some time, there are still potentially hundreds of thousands of Internet users who will be at risk come July 9th. Internet security company IID (Internet Identity) has reported that at least 60 companies on the Fortune 500 list are currently infected with DNS Changer. While that number might seem large, it is a significant improvement over the 50 percent, or 250 Fortune 500 companies, that IID suspects were infected with DNS Changer in January of this year. U.S. government agencies were also heavily infected at the beginning of the year, with 49 percent of them at risk in January. As of June, IID reports that only 4 percent of U.S. government agencies are still infected with DNS Changer.
“I think there will be outages,” Thakur said. “But I don’t think it will happen all at the same time since most of the people that are affected and have not yet cleaned up, they are just generally slow to react to technical issues and some of them might not be using their machines every day.”