On November 8, 2011 the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses. By altering a users DNS settings this virus would point victims to malicious DNS servers in data centers in Estonia, New York, and Chicago. The malicious DNS servers would then give fake, malicious answers, altering user searches, and promoting fake and dangerous products.
Because every web search starts with DNS, the malware showed users an altered version of the Internet. All Sorts of BAD!
All of this DNSChanger mess is about to come to a close, and a number of Internet users are going to be left without any access. Reason being, after the FBI recently broke up the hacker group, they set up temporary DNS servers which matched the virus. This allowed users affected by the virus to connect to the Internet safely and securely.
But, the FBI is planning to shut down those temporary DNS servers on Monday, July 9. This will then make the users affected by the DNSChanger virus unable to connect to the internet as the DNS settings will come up invalid.
What To Do
First off, don’t panic, there are steps to ensure that, even if you’re infected with the DNSChanger virus, you’ll be able to take some steps to get back online without too much distress.
Click on the link here – this page, which takes you to the DNS Chang Working Group, describes how you can determine if you are infected, and how you can clean our infected machines. On that page is another link, http://www.dns-ok.us, click through there and run the Check Up.
What you WANT to see is an image like the one below – green screen, saying all is well. If you don’t get that follow the instructions on how to clean up your environment.
The DCWG is an ad hoc group of subject matter experts, and includes members from organizations such as Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama at Birmingham.
You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release. This page is hosted at the Georgia Institute of Technology, under a research grant provided by the Office of Naval Research.