In 2007 a Trojan made its way through the internet and into the computers of millions of users. This Trojan changed the DNS settings of the infected computers to point to a rogue DNS network that the creators of the Trojan controlled. The DNS, or Domain Name System, is the system that translates a domain name into an IP address for locating the domain on the internet. For instance, when you type in Facebook.com, it is translated into the IP address 184.108.40.206, which is the IP address used for finding the website on the internet.
What The Trojan Does:
The DNSChanger Trojan infects the computer and changes the DNS settings. This allows the rogue DNS network to direct the user to any page its operators choose. This means if you were trying to go to Facebook.com, the rogue network could direct you to a site full of spam, viruses, adult ads, or worse. As a result, millions of infected users were directed to the sites the Trojan creator wanted them to visit and were unable to reach the websites they originally wanted. With millions of computers connected to broadband internet that stays online even when the computer is not in use, the Trojan was able to spread quickly.
The Trojan directed users to the criminals' websites and tricked the users into giving up personal information. This was done through false advertisements for virus protection that were designed to make users believe their computers were infected and that the antivirus software they purchased would be able to clean the computer. In the 3 years the Trojan was active, the criminals responsible were able to collect roughly $14 million in stolen funds from infected users.
The FBI Steps In:
In 2011, the FBI was able to arrest the crime ring responsible for the Trojan during a sting operation called Operation Ghost Click. After seizing the computers, the FBI learned the Trojan was capable of much more. The Trojan was also able to affect other internet services such as email, chat programs, calendars, and even backups.
If the FBI had shut down the DNS network created by the crime ring, the millions of infected computers would not have been able to connect to the internet. Instead, the FBI converted the network into a legitimate DNS system, allowing the infected users to continue accessing the internet.
Although the number of infected computers has declined considerably, there are still around 350,000 infected computers connected to the DNS network originally created by the crime ring and now operated by the government. However, the government is shutting the network down.
Originally scheduled for March 8th, the shutdown was pushed back to July 9th in an effort to give owners of infected computers time to clear the Trojan from their systems. Those who are still infected on July 9th will lose access to the internet, as the DNS network they are connected to will be shut down.
If you are unsure whether your computer is one of those infected, there are malware checking tools that will scan your system and remove the Trojan. This will allow your DNS settings to return to normal and keep you connected. Norton Antivirus, McAfee VirusScan and Avast are among the most popular software packages that will be able to detect and remove the DNSChanger Trojan.
John Deschamp is a network administrator and freelance blogger for highspeedinternet.net, a site he often recommends to those looking to learn more about how broadband internet works.