Identifying whether your machine is infected with the DNS Changer malware isn't difficult. Users should go to the DNS Changer Working Group site, then follow the instructions. There are also software tools to clean up the problem. But the cleanup isn't a piece of cake, experts say.
Besides forcing computers to find the wrong websites on the Internet, the DNS Changer Trojan also turned off their antivirus updates – and downloaded a raft of other malware to those machines.
"Unfortunately, most of those that still have infected machines are going to find out the hard way on Monday – they'll be cut off – and have to take their machines to a local computer store to get it cleaned up," says Rod Rasmussen, president of Identity Internet. "The biggest danger for most people isn't going to be the DNS Changer itself, but all the other things that got installed."
DNS Changer, discovered in 2005, was part of a new trend in the malware world designed to subvert one of the most basic features of the Internet – the addressing system computers use to find websites. The rogue servers set up by criminals and later taken over by the FBI in "Operation Ghost Click" were programmed to mimic the Internet phonebook called the Domain Name System (DNS) and transmit their own fraudulent web addresses. In doing so, the criminals essentially enslaved victims' computers, making them dependent on their servers to access the Internet.
The intent of the operation was to twist automated Internet advertising to the criminals' advantage. These advertising systems pay website owners fractions of a cent for every page view and a few cents if someone actually clicks on the advertiser's link. If a sale is made from that click-through, the referring website can actually get a commission.
By sending infected users to fraudulent websites that they controlled, the criminals generated huge numbers of page views and, in turn, large advertising revenues. The money adds up fast when you've got millions of computers under your control pursuing fraudulent search results, says Brett Stone-Gross, senior security researcher at Dell SecureWorks.