DNSChanger as pictured on http://www.muycomputer.com

(Reposted from C|net and other sources:)

The malware scam DNSChanger that has affected numerous computer systems, including Macs, has been at least partly dismantled by the FBI’s Operation Ghost Click program. (But this program will be terminated in March 2012.)

DNSChanger is a Trojan horse that was distributed in many forms, and when installed it actively changes the infected system’s DNS settings to rogue servers that redirect legitimate searches and URLs to malicious Web sites that attempt to steal personal information and generate illegitimate ad revenue for the scammers.

The DNSChanger malware was first discovered around 2007, and since this time has infected millions of computers, around 500,000 of them being in the U.S., and through these computers the criminals have reportedly pulled in around $14 million in stolen funds. This success spurred the criminals to branch out from targeting Windows PCs to other platforms that include the Mac OS and also networking hardware such as routers, so entire networks could be scammed.

The Mac variants of the malware, found starting in 2008, were known as OSX.RSPlug.A, OSX/Puper, and OSX/Jahlav-C. These have been distributed through pornographic Web sites disguised as required video codecs for QuickTime, and as with the Windows versions, when installed the Trojan would change the system’s DNS settings to servers that would redirect legitimate Web URLs to malicious sites.

Image via Wikipedia

The DNS servers installed by the FBI replacing the rogue DNS servers will be switched off March 8, 2012!

Make sure you check your systems before that date. A quick check for your current settings can be performed by clicking on the link provided by the German Federal Office for Information Systems Security (BSI) http://www.dns-ok.de/ or on http://dns-changer.eu/ 

More detailed instructions for Windows users:

• http://www.dcwg.org/checkup.html
• http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

Instructions for Mac users:

• http://www.dcwg.org/checkup.html
• http://www.dnschanger.com/
• http://reviews.cnet.com/8301-13727_7-57322316-263/fbi-tackles-dnschanger-malware-scam/
• Download DNSChanger Removal Tool for Mac  (MacUpdate)

Instructions for Linux Users:

• http://www.dcwg.org/checkup.html
• http://forum.botfrei.de/forumdisplay.php?51-English-Support&langid=2
  

Instructions for Routers:

• http://www.dcwg.org/checkup.html

Read the full article: http://reviews.cnet.com/8301-13727_7-57322316-263/fbi-tackles-dnschanger-malware-scam/

Related articles

• Here’s How to See If the FBI Might Cut Off Your Internet March 8th (Gizmodo)
• A major Trojan Horse is lurking – coming soon to a computer near you (ravenit.com)
• Feds apply for DNSChanger safety net extension (go.theregister.com)
• FBI Shutting Down DNS Servers of the Day (geeks.thedailywh.at)
• Stay Guarded to Thwart DNSChanger Nightmare (devicemag.com)
• Why the FBI might soon cut off your Internet (cbsnews.com)
• Feds Ask for DNSChanger Deadline Extension As Millions of PCs Could Be Cut Off from the Web (circleid.com)
• FBI tackles DNSChanger malware scam (reviews.cnet.com)
• 500,000 zombie PCs imperiled as expiration of court order approaches (arstechnica.com)
• Operation Ghost Click DNS servers to shut down in March (reviews.cnet.com)
• Biz urged to blast DNSChanger Trojans before safety net comes down (go.theregister.com)
• Trojaner ändert DNS-Einstellungen (Botfrei.de, eco – Verband der deutschen Internetwirtschaft e.V.)
• Überprüfung von Computern auf die Schadsoftware “DNS-Changer” (MELANI)