Only July 9th, the Internet will cease to exist for some users. It is the end of Facebook updates, junk email and banner ads. Wait, this sounds like a good thing!
Kidding aside, I am talking about a piece of malware called DNSChanger that came out in 2007. It affected Windows users at first and then it was so popular (in the making tons of money for criminals category) that the criminals decided to release it for Macs. So, in 2008, Mac users would get these links to enticing videos of questionable content. If you couldn’t reign in your curiosity, you would follow the links and install software “required” to view the videos. After that, your Domain Name Server (DNS) settings would be changed by the malware so that legitimate searches and websites would be redirected to malicious websites that would try to infect your computer more and generate ad revenue for the criminals.
Before I go any further, I wanted to give you a very brief explanation of DNS. DNS stands for domain name server. The Internet uses a protocol called TCP/IP to route traffic and exchange data. This protocol uses funky numbers with terms like base-10 and binary. Basically, it is four numbers separated by decimals, like 216.92.236.13. DNS will translate the more friendly macorama.com to that number. Without DNS, we would have to memorize a bunch of numbers rather than words. Now I could go into more details like IPv4, IPv6, private and public networks, et cetera. Instead, here is a website that tells you all about it.
Now that you know what Domain Name Servers are, you can see what a piece of malware that changes your DNS settings can do. If it changes it to servers that criminals have control of, they can control whatever comes up when you do a Google search of enter a web address in your browser.
There is good news. In Late 2011, the FBI disrupted this fraud ring. They seized servers that were acting as malicious DNS and the FBI actually set them up to act as legitimate servers. Here is an article about the take down. So, back to my hilarious opening sentence. Only July 9, 2012, the FBI will shut down these servers that were set up for people infected with DNSChanger. If you are infected and have not removed the malware, your Internet will stop working. You can easily remove it by downloading a free piece of software written by SecureMac.com to address DNSChanger. Download it here.
If you want to see if you are infected, go here.
– Jason
