[Article first published as DNS Changer Malware and the FBI's July 9th Deadline: What It Is
and What You Should Know on Blogcritics.]
Depending on how close you are to your local nerd, you
should have already heard about a computer virus that is claimed to eventually
cause thousands of people to lose their internet access in just a few days on
July 9th. Some folks don't even know it's coming, some have waved it off
as a hoax, and some have even gone so far as to claim immunity because of
course, nothing could penetrate their primitive anti-virus shields, regardless
of everything I've been trying to tell them. At any rate, it's happening.
So what exactly's going on? The culprit behind this
scheduled havoc is a particular class of malware known as DNS Changer.
Before I get into what exactly it's doing, I should give you a short primer on DNS
and what it does - because after all, as the name says, DNS Changer changes
DNS.
"Phone Numbers for the Web" - A Quick DNS Primer
Think about phone numbers for a second. Suppose my
phone number is (123) 456-7890. If someone has that phone number written
down, and just that phone number, they have no idea who
exactly they're calling if they punch it into a phone. The information
they have to contact me over the phone is incomplete. Now if they have
two pieces of information - the phone number and my name to go
with it, then that makes far more sense. Now they know that I'm at the
other end of (123) 456-7890.
DNS is exactly the same thing. Internet websites have
what's called an IP address (think phone number for a website). Now let's
make an example. I'm going to give you an IP address, and you tell me
what that address goes to. Ready? OK, here it is: 173.194.75.103.
Complete gibberish to you? I'll tell you what. Take that number and
put it into your web browser where you put in what website you want to go to,
and tell me if it doesn't take you right to Google. DNS is what allows
your browser to cleanly translate domain names to IP addresses - in this case
it matches up 173.194.75.103 to "http://www.google.com." Just
like a phone number. You don't get out your cell every time you want to
call me and dial out (123) 456-7890. You go to my name. Your
address book, as it turns out, is a mini list of DNS entries, matching numbers
to names.
That was just a basic primer, but it gets far more complex
than that when it comes to the Internet. There's not just one DNS server,
but many that communicate to allow you to browse the web. You browse the
web primarily using the DNS servers that belong to your Internet Service
Provider (Comcast, Verizon, Roadrunner, or whoever you pay your bills to).
What Does DNS Changer Do?
So now that you have a better idea of what DNS is, let's
look at what DNS Changer does. In the end it can do the same thing that
email phishing scams can do in the sense that it can lead you to fake and
fraudulent websites to try to steer you in the wrong direction. This
works a little bit differently though - instead of sending you fake links
hoping that you'll click them without paying attention, DNS Changer literally
changes your DNS settings, giving the intruder the ability to change where you
go and leave your computer wide open to a number of cyber attacks. The
image to your right is a great concise diagram from the official FBI
website that shows how it works.
Through what was known as Operation Ghost Click, the FBI has been able to
identify networks of these rogue DNS servers that can potentially do you harm,
and has taken a number of steps not only to disable them, but to help internet
users in the meantime. They've been working with
ISPs and providing known clean DNS servers so that affected users can redirect
to them to browse safely. On July 9th, support for these temporary clean
DNS servers ends, so everyone has to make sure that they're up to snuff.
What Can I Do?
But fear not friends. There is something that can be
done. First and foremost, go to this website to check if your current DNS
settings are legit and not hijacked: http://dns-ok.us/. If the image comes back with a
nice green background like at the top of this post, then your DNS settings are
in good working order. If it comes back red, that means your DNS settings
have been jacked to hit rogue DNS servers and you have some fixes to make.
There will be a link too that will point you in the right direction.
If it comes back red, there are steps you can take.
The FBI as well as the DNS Changer Working Group (DCWG) have sites set up to
guide you through the process that you can get to at the bottom of this
post. The most important thing to remember is that if your check does come
back red, as I mentioned that means that you could be vulnerable to additional
malware and viruses.
Check in with your local nerd if you have any issues or
questions. I've also set up a temporary email address you can send your
questions to through July 9th, at helpdesk@tusharnene.com.
DNS Changer Checker: http://dns-ok.us
Official FBI DNS Changer website: http://www.fbi.gov/news/stories/2011/november/malware_110911
DCWG DNS Changer website: http://www.dcwg.org/