EKG Networking, Inc.

Your IT Department

You are here: Home / Malware / In the news should you worry

In the news should you worry

DNSChanger

What is DNS?

DNS (Domain Name System) is basically a phone book for computers. When we want to call someone and we don’t know their number, we look up their name in a phone book (at least we used to) which gives us that information. Then, we call that number to talk to them.

Computers do the same thing. When you browse to “www.google.com” your computer goes to a DNS server and asks for Google’s ip address (the computer equivalent of a phone number). Your computer then uses that ip address to connect to Google’s web site.

What is DNSChanger?

DNS Changer is a virus. Its purpose was to make your computer use their DNS server when your computer asks for a web site’s IP addresses. It would be like a criminal snuck into your house and replaced your phone book. Anytime you used their phone book to look up a phone number, that phone number would call one of their operatives whose purpose was to scam you. If infected with DNS Changer, anytime you went to a web site, their DNS server would send you to one of their servers which would try to scam you.

Why is this in the news now?

When the FBI discovered and took down these evil DNS servers. However, if they had simply turned them off, people who had been infected which DNS Changer would not have been able to get to web sites. It would be like someone suddenly threw your phone book away if a phone book was the only way to look up someone’s number.

So, instead of simply turning the evil DNS server off, the FBI replaced them with good DNS servers. On July 8th, the FBI is shutting off these good DNS servers. So, anyone still pointing to them will shortly not be able to get to web sites.

Am I infected?

If you were infected when the evil DNS server were still working, then you would have known immediately that something was wrong. However, if you had gotten infected after those evil DNS servers were replaced, then you might never know. Everything would appear normal.

Fortunately, some people have made an online test to determine whether you have been infected with DNSChanger. Simply, go here:

http://dns-ok.us/

What if I am infected?

There are many products that can remove this particular virus. The one we recommend is Kaspersky TDSSKiller.

The download and instructions are here:

http://support.kaspersky.com/faq/?qid=208283363

Keep up with the latest news from EKG Networking. Sign up with your email address to receive updates.

EKG Networking

91 Granger Boulevard
Marlborough, MA 01752
508 460-1920
inquiries@ekgnetworking.com