In November 2011, the Federal Bureau of Investigation took over a series of DNS servers that had been used by cyber-criminals to redirect users' traffic to potentially risky locations they control. However, as disruption of the DNS system has a huge impact on the way PCs communicate over the Internet, the Bureau substituted the rogue DNS servers with valid ones to keep resolving internet names.
This will end on July 9, when the substitute servers will be taken offline, making communication nearly impossible for the average user if their DNS settings were tampered with. After July 9th, any computer using these rogue DNS servers will be unable to resolve domain names. The FBI says about 500,000 computers are infected, based on the number of PCs connected to the servers they seized alone. The total number of affected users could run much higher.
To restore the computer to a functioning state, Bitdefender has developed a free tool that assesses the status of the DNS settings and prompts the user when rogue DNS settings are found. Please read through this document to see how to restore your system settings to normal and ensure permanent connectivity after July 9th.
What exactly is the role of DNS?
Computers and other devices connect to the network using what are called IP addresses: series of numbers that identify them. For instance, the bitdefender.com website has an IP address of 184.108.40.206. Since IP addresses are difficult for humans to remember, the DNS (Domain Name System) acts like a phone directory: if you know who to call, you only need to look up the person's name and the phone brings up the number. Similarly, the DNS server converts domain names into IP addresses.
If the DNS system is tampered with, chances are that the address of your favorite e-banking website, e-mail service or social network will lead you to a web page that is actually controlled by the attacker. This way, any data you pass to the website (including authentication information) lands in the wrong hands without you even realizing it.
What will happen on July 9th?
On July 9th, the FBI will shut down these temporary name servers. Without DNS servers to convert domain names to addresses, computers will be unable to function properly. You will still be able to browse the web by entering IP addresses instead of URLs in the browser, but this is inconvenient and may not work in some circumstances.
How can I fix things up and avoid disruption?
First and foremost, you need to identify whether your DNS settings have been replaced with rogue DNS entries. Please download and run the DNS Changer Detector. If the tool reports that your system is clean, you have nothing to worry about. If it shows signs of subversion, follow these steps to fix your PC.
- First and foremost, rid your PC of malware. The DNS settings have likely been changed by an active infection on your PC. Run a 60-second QuickScan to see if you are infected, then manually clean the DNS Changer malware from your PC. Alternatively, you may want to install a 30-day trial of Bitdefender Internet Security 2012 that will clean the system for you automatically. It is mandatory that you clean up your machine before changing the DNS settings. Otherwise, the malware on your PC will likely change these settings back.
- Run the DNS Changer Fix-it tool and let it adjust your DNS settings. Depending on the type of connection you have, the tool will try to restore the recommended DNS settings for you and will inform you whether the problem has been solved.
The DNS Changer Checker is available courtesy of Bogdan Timofte, Malware Researcher at Bitdefender.