Time to check your DNS settings?

Update: A US Federal Court extended the deadline for shutting down the replacement DNS servers to July 9, 2012.

On Wednesday, the German Federal Office for Information Security (BSI) published a press release advising users to recheck DNS server settings on their computers. This recommendation is related to the successful botnet takedown – dubbed ‘Operation Ghost Click’ –  led by the FBI during November 2011.

The bad guys behind this botnet had infested approximately 4 million computers in more than 100 countries with malware called DNSChanger. This Trojan horse allowed them – among other things – to redirect requests of unsuspecting users to malicious or illegal destinations by altering their connection settings, namely the address of the DNS server. More detailed information on this scam can be found in a post by Stephen Cobb.

Now, what’s all the fuss about after more than 9 weeks, you might be wondering? Well, if you happen to be one of the ‘brave ones’ running their systems without any anti-malware protection, or if that protection hasn’t been – for whatever reason – triggered by this malicious code, your computer might still be infected. No need to panic – all the malicious DNS servers were replaced with correctly-operating systems during the takedown.

Having said that, there are two good reasons to check your system anyway. The first and pretty obvious reason is that you don’t want any unwanted process running on your computer without your consent, right? The second is that if your PC is still infected you won’t be able to surf the Internet after 8th March 2012. How come? Those replacement DNS servers will be shut down on that day; it’s as simple as that.



There are several ways to check whether your PC has been affected. For example, you can do so manually using a form on the official website of the FBI, or by visiting one of the following sites, designed with support from the BSI: www.dns-ok.de (in German) or http://www.dns-changer.eu/en/check.html (also available in English). These sites also provide information on how to clean an infected system.
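The manual check amounts to comparing the DNS server addresses configured on a machine with the address ranges published for the rogue servers. The sketch below is an added example, not code from ESET, the FBI or the BSI; it assumes a Unix-style `resolv.conf` as the source of the settings, and the ranges in it are documentation placeholders that must be replaced with the officially published ones.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real
# DNSChanger ranges: substitute the ranges published by the FBI or BSI.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a resolv.conf file, used when run stand-alone.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real host
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.10   # ISP resolver
nameserver not-an-ip
nameserver fe80::1%eth0
"""


def parse_nameservers(text):
    """Return (addresses, rejected_tokens) from resolv.conf-style text."""
    good, bad = [], []
    for line in text.splitlines():
        # Drop comments introduced by '#' or ';', then tokenise.
        parts = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        token = parts[1].split("%", 1)[0]  # strip an IPv6 zone id
        try:
            good.append(ipaddress.ip_address(token))
        except ValueError:
            bad.append(parts[1])  # report it, never silently skip
    return good, bad


def check_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Sort configured resolvers into flagged / clean / unparsed."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    servers, rejected = parse_nameservers(text)
    flagged, clean = [], []
    for ip in servers:
        hit = any(ip.version == n.version and ip in n for n in nets)
        (flagged if hit else clean).append(str(ip))
    return {"flagged": flagged, "clean": clean, "unparsed": rejected}


if __name__ == "__main__":
    for kind, values in check_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{kind}: {', '.join(values) or '-'}")
```

A resolver listed under `flagged` means the DNS settings point at a listed range and the system should be cleaned and its settings restored; entries under `unparsed` deserve a manual look rather than being ignored.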

I think it’s worth the time, just to be sure. And even if you have dodged the bullet you might still know someone who would find this information useful.

Peter Stancik

Security Evangelist

Author, ESET

  • fairplay08

    Thanks Peter. The German site worked for me, but I have been unable to access the fbi.gov link you provided, and I am also unable to log in to several other sites I usually frequent such as amazon.com, imdb.com, my.yahoo.com… The German site says my computer is not infected, but still I wonder why I am unable to log in. I'm still trying to figure this out and hope I can find an answer soon.

    • Peter Stancik

      It’s not easy to provide you with a remote diagnosis, I’m afraid. The link provided should be working, so I would suggest contacting your local support for assistance.

  • Joven Embate

    Thanks Peter,   ; works for me and it says my system is clear of this malware, thank you so much for all of you there in ESET. I'm using ESET Smart Security 5.0,

  • fairplay08

    Oops!  I just now saw this post again and I WAS able to get through to the FBI site with no problems.  Thanks for your response to my original posting, Peter.


Copyright © 2017 ESET, All Rights Reserved.