DNSChanger Malware

The Domain Name System (DNS) is the naming system that PCs and other resources use to connect to the internet. DNS converts domain names into Internet Protocol (IP) addresses. For instance, when a user enters a domain name in the web browser's address bar, the PC contacts its DNS server to find the IP address of the requested website. DNS and DNS servers are major elements of internet access. According to the FBI, a criminal who controls a user's DNS server can possibly control all websites that the user connects to on the internet. The DNSChanger malware directs the user's requests to a rogue DNS server, that is, a bad DNS server operated by a criminal. It does so by substituting bad DNS servers for the good DNS servers of the user's ISP.


How to detect if your computer is infected with DNSChanger malware?

1. The DCWG provides ways to find out if your computer is affected by DNSChanger malware.
2. Click on http://www.siteadvisor.com/dns_checker.html?cid=109273

Manual steps to determine if your DNS server has been changed
 

For Windows XP: Users can head to Start button > Locate Run option > Type cmd (opens a DOS shell) > Type ipconfig /all > Hit Enter

After entering the command, you will be able to view your computer's network settings. Now, look for the line starting with "DNS Servers", which contains IP addresses. The DCWG has listed the malicious Rove DNS settings. Compare your DNS settings with the malicious Rove DNS settings to detect if your DNS server has been modified.
 

For Windows 7: Users can head to Start button > Open Windows Menu > Click Search > Type cmd (opens a DOS shell) > Type ipconfig /allcompartments /all > Hit Enter

Look for the IPv4 information that falls under "Ethernet adapter" and find the line starting with "DNS Servers". Compare your computer's DNS settings with the listed malicious Rove DNS settings to detect if your DNS server has been modified.
 

For Macs: Mac users click the Apple icon at the top left > Select System Preferences (opens dialog box) > Locate the Network icon (opens Network settings dialog box) > Read the DNS Server line

Compare your DNS settings with the malicious Rove DNS settings to detect if your DNS server has been modified.
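
The manual comparison for Windows described above can be scripted. The following is an added example, not part of the original article or any DCWG tool: it parses saved ipconfig /all output, including the unlabelled continuation lines Windows prints for additional DNS servers, and checks each server against a list of ranges. The ranges shown are placeholder documentation networks, the sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation networks), NOT real indicators.
# Replace them with the rogue DNS ranges published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output; the second DNS server sits on
# an unlabelled continuation line, as Windows prints it.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return every address listed under a "DNS Servers" entry."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep:  # labelled line: starts or ends a DNS Servers entry
            in_dns = label.strip(" .").lower() == "dns servers"
            candidate = value
        else:  # unlabelled line: possible continuation of the previous entry
            candidate = line
        if not in_dns:
            continue
        candidate = candidate.strip().split("%")[0]  # drop any IPv6 zone id
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns = False  # blank line or non-address text ends the entry
    return servers

def rogue_dns_servers(ipconfig_text, rogue_ranges=ROGUE_RANGES):
    """Return the configured DNS servers that fall inside a listed range."""
    return [s for s in dns_servers(ipconfig_text)
            if any(s in net for net in rogue_ranges)]

if __name__ == "__main__":
    flagged = rogue_dns_servers(SAMPLE_IPCONFIG)
    for server in dns_servers(SAMPLE_IPCONFIG):
        print(f"{server}\t{'LISTED' if server in flagged else 'ok'}")
```

To check a real machine, save the command output to a file (for example ipconfig /all > dns.txt) and pass the file's contents to rogue_dns_servers after replacing the placeholder ranges.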