Trojan could force users offline

by | May 23, 2012 | Security

July 9. That’s the date the US FBI plans to shut down the Internet, for some users at least. In January, the FBI and Estonian authorities managed to shut down one of the largest malware infections seen to date. The major feature of this malware, called DNSChanger, is that it blocked users from conducting security scans. To circumvent this, the FBI established servers that allowed infected users to run scans to remove it from their computers.

While the source of DNSChanger has been removed, essentially killing it, there are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger?
DNSChanger is a Trojan that hijacks a user’s Internet connection at its most basic level, the DNS. If a user enters a web address, DNSChanger will return a similar-looking page, but with ads that are owned by hackers, allowing them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.

Aside from that, it also prevents users from visiting security websites, like, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS?
A DNS – Domain Name System – is a crucial service that converts domain names like into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do?
Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time any user still connecting to the DNS servers, or who is still infected, regardless of their location, could be affected.

What should I do?
If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean and your security is up to date.
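One way an administrator could check whether a machine is still pointed at those DNS servers, as an added example that is not part of the original article: it reads a Unix-style resolver configuration and reports any nameserver inside a list of address ranges. The ranges shown are documentation-range placeholders, not real indicators, and the sample configuration and function names are constructed for illustration.

```python
import ipaddress

# Placeholder ranges from the RFC 5737 documentation space, NOT real indicators.
# Replace them with the DNSChanger server ranges from an authoritative source.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a Unix resolver configuration (/etc/resolv.conf style).
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real host
search example.internal
nameserver 192.0.2.53
nameserver 10.0.0.1   # internal resolver
nameserver fe80::1%eth0
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return the nameserver addresses found in the text, skipping bad entries."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # malformed entry: ignore it rather than abort the scan
    return servers


def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any listed range."""
    networks = [ipaddress.ip_network(r) for r in ranges]
    return [str(ip) for ip in parse_nameservers(text)
            if any(ip.version == net.version and ip in net for net in networks)]


if __name__ == "__main__":
    hits = rogue_resolvers(SAMPLE_RESOLV_CONF)
    print("Resolvers in listed ranges:", hits or "none")
```

A clean result here only covers the settings in the file that was checked; it does not replace a malware scan of the machine.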


Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google’s functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us; we are ready to help.

Published with permission from Source.
