Google To Notify Users Infected with DNSChanger Trojan
The FBI's 'Operation Ghost Click' took down an international cybercrime ring.
Google is embarking on an effort to notify Internet users if their computers or home routers are still infected with the DNSChanger Trojan, a piece of sophisticated malware that has compromised an estimated 500,000 systems. The outreach campaign comes a little more than a month ahead of July 9, the date on which the FBI is set to take all computers corrupted with the malware offline.
If your computer is among the affected crop, Google will alert you via special messages that will appear at the top of search results, reading, "Your computer appears to be infected," Google security engineer Damian Menscher explained in a May 22 blog post. Google's hope is to directly warn as many as 500,000 affected users within the week, although Menscher admitted, "We realize we won't reach every affected user."
If your computer shows signs of DNSChanger corruption, you will receive, along with the notification, recommendations from Google as to how to purge the malware from your devices. Although Google cannot guarantee its tips will fully excise the Trojan, Menscher said, "If more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it."
The fear surrounding DNSChanger, and the possibility that people would lose their Internet access, began last November, when the FBI's "Operation Ghost Click" took down an Estonian cybercrime ring that had infected 4 million computers and routers worldwide (and at least 500,000 computers in the U.S.) with the Trojan.
DNSChanger (DNS is short for Domain Name System) enabled the crooks to hijack Web traffic and reroute it to compromised sites under their control, a process from which they netted $14 million in fraudulent advertising revenue.
Following the November bust, the FBI set up temporary DNS "surrogate" servers to keep the systems infected with the dangerous malware online while they were scrubbed of the malicious software. On March 5, a federal judge granted the government 120 days to keep the proxy servers running; a subsequent order pushed the deadline back to July 9.
If the Google alert tells you that your computer or router is affected, there are three things you need to do.
First, you'll have to change some technical settings on your computer. Click here for instructions on how to do so. That will make sure you still have Internet access when the fateful day comes.
The second thing to do will be to update and run strong anti-virus software that will clean up your machine, because these particular malware infections are pretty nasty. You'll probably have to pay for the software. Here's a list of recommended anti-virus software.
The third step is to check it again once you've done the first two. If you're still seeing the Google alert, check the DNS Changer Check-Up.
If that's red, your router may be infected. Check the manufacturer's website for a firmware update. At worst, you may have to buy a new router.
This story was provided by SecurityNewsDaily, sister site to TechNewsDaily.