Thousands of internet users are waking up to no web connection this morning, with the temporary servers handling those infected by DNSChanger being shut down. ISPs and the FBI had warned surfers that, had their DNS settings been changed by the malware, they would lose access to the workaround fix that had been in operation for the past few months. Estimates of how many people will be impacted today are unclear, with the numbers of those relying on the most active servers last month exceeding 100,000.
In fact, according to the DNSChanger Working Group, the team established to handle the fall-out of the malware, back on June 13 there were 135,331 unique IPs accessing the top 25 replacement servers. Since then there has been a sizable outreach campaign as ISPs and others attempt to warn those users affected. In late May, around 330,000 systems were believed to be infected.
DNSChanger was a trojan that changed DNS settings – the links to servers which point browsers in the right direction for the sites you request – to alternative, compromised ones. Control of those sites allowed the malware operators to collect user data, show adverts for fake products and otherwise manipulate the internet experience.
Thankfully, the method of cleaning up a DNSChanger infection has improved since the early days, when a complete reinstallation of the OS – whether Windows or OS X – was required. Now, there’s a simple set of tools which do it without all of that headache, though it’s still advisable to run a full backup of personal files beforehand, just in case.
If you’re reading this (and you’ve not been forced to turn to a smartphone or tablet with your regular computer refusing to load sites) then you’re okay, but stand-by for parents and friends who may have complaints.