Update: DNSChanger - it's not over yet

07/06/2012
G DATA Blog

If the infected machines are not cleaned up, their users will experience a sudden disruption of services on 9 July 2012!

We already reported on the DNSChanger malware case in January. The FBI has taken care of the malicious DNS servers and has replaced them with clean ones. But on 9 July, the FBI has to "give up the servers" and is no longer allowed to control them, because the court order expires. Therefore, any infected computers will not be able to reach the Internet once the servers cease to be active.

Google and many other companies were willing to play an active last-minute role in reducing problems for those who have not yet cleaned their PCs. But it seems there is still a very significant number of infected PCs.
The DNSChanger Working Group published their latest statistics on infected IP addresses by country on 13 June:

[Screenshot of DCWG's top 10 unique IPs infected with DNSChanger malware]

The statistics show unique IPs that are infected.
But one IP does not necessarily correspond to a single PC. A small-scale example: if a family has 5 computers at home, and a router manages their network and Internet traffic, then all 5 PCs share one and the same external IP.
One IP can therefore correspond to many PCs, so the number of machines actually infected is estimated to be much higher.

What you should do: Check your network connection settings!
Manual check: Follow the instructions given in our previous DNSChanger blog entry.
Automatic check: Visit one of the numerous websites provided to check your settings automatically. Some examples: