You may have heard of Operation Ghost Click, an international cyber ring that infected millions of computers. Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses. Beginning in 2007, the cyber ring used a class of malware called DNS Changer to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and
government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
What is a DNS? (Domain Name System) It’s a critical Internet service that converts user-friendly domain names, such as http://www.facebook.com, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet service providers, computer users would not be able to browse websites or send e-mail.
What does the DNS Changer Malware do?
It alters user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products.
These rogue servers were controlled by the cyber thieves, allowing them to manipulate users’ web activity. When users of infected computers clicked on the link for an official website like Facebook, for example, they were telling your browser the wrong IP address so it would then go to a wrong server, who would then pretend to be whatever website you were looking for or sometime even redirecting you to the right website but only after showing you pop-ups or trying to install more malware on your computer.
So how does this affect me?
Well for starters, it could cause a worldwide “Internet Blackout” starting July 9, 2012, according to the FBI. The FBI has been maintaining these rogue DNS servers BUT with them fixed so it wouldn’t affect anyone else. The FBI is wrapping up and will be finished running these servers, turning them off on
Monday, July 9, 2012 and if you’re infected you won’t be getting to websites.
Most important, if you are infected, your personal information such as bank log on info, credit card info,etc is vulnerable.
So what do I do?
All you need to do is go to this website: DNS-Ok.us *If you’re in the United States*
If you are infected with the wrong DNS servers, they will let you know how to correct the issue. If you see green you are good to go!
There is NO DOWNLOAD and NO SCAN and it’s FREE.
(psst…here’s the FIX just in case): http://www.dcwg.org/?page_id=383
Below is a list of sites to check your computer if you’re in another country.
www.dns-ok.fi Finnish, Swedish, English
www.dns-ok.ax Swedish, Finnish, English
www.dns-ok.ca English/French (Canadian)
www.dns-ok.lu English (Luxembourg)
www.dns-ok.nl Dutch (Netherlands)
dns-ok.gov.au English (Australia)
dns-changer.eu German, Spanish, English
dnschanger.detect.my Malaysian, English