On July 9, your Internet could mysteriously stop working. Unless you just happened to forget to pay your bill, the culprit will likely be a sneaky piece of malware that is hiding somewhere on your machine. Sound too far-fetched to be true? This isn’t another scare by the Conflicker worm, most commonly known as the malware that has been rumored to shut down systems operating on a certain day, usually April 1; CNET has verified the DNS Changer Malware to be a legitimate threat. The malware works by altering user DNS settings to redirect them to malicious websites and show them a “fake” version of the Internet. The DNS Changer Working Group (DCWG) has a website with information about how to detect, fix and protect yourself from this malware.
From the DCWG website: “The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.”
The malware originates from cyber criminals operating under the name of Rove Digital. The criminals were arrested back in November, but the malware is still active and floating around cyberspace. Under a court order, victims have until July 9 to identify and fix infected machines before they are cut off from the Internet.
Fortunately, detecting the malware is incredibly easy and requires no scans or downloads. The DCWG website has a link users can click to check if their DNS is looking up addresses properly. If you believe your machine is infected, they also have information on how to remove the malware.