The DNSChanger malware has infected more than four million computers in 100 countries, with 84,000 of those infected computers located in the US, explained Rand Beers, undersecretary for DHS’s National Protection and Programs Directorate. The malware prevents users’ anti-virus software from working correctly, allowing it to take control of the computers’ domain name systems and redirect traffic to malicious websites.
The FBI, working with law enforcement in other countries, took down the DNSChanger botnet and arrested six Estonian nationals accused of running the fraud ring in November of last year.
Beers explained that the FBI took control of the DNS servers implicated in the botnet and redirected compromised computers to “clean” servers operated by the private sector nonprofit Internet Services Corp. However, the clean servers will be shut down on July 9 and users who have are still infected by the malware may not have access to the internet after that date.
DHS is recommending that users visit the DNSChanger Working Group website, which has a test to see if a computer is infected and a tool to remove the malware.