Sophos Advice and Video on Avoiding DNS Changer ‘Internet Blackout’

Original Author: Paul Ducklin (Sophos)
Approved by PR Firm: Inter-Asia

Hundreds of thousands of computer users won’t be able to connect to the internet tomorrow, thanks to the legacy of the 'DNS Changer' malware.

In November 2011, the FBI seized control of rogue DNS servers that were being used by cyber criminals. The servers were redirecting PCs infected with the DNS Changer malware to a variety of money-making scams. The FBI took immediate action to make the DNS servers harmless, but they remained online and it is understood that 350,000 computers are still using them to connect to the internet.

The servers were shut down permanently today, which means that computers still using the rogue DNS servers will no longer be able to connect to the internet tomorrow.

Said Graham Cluley, Senior Technology Consultant at Sophos, “There’s a bit of good news for Sophos customers, as Sophos can detect various variants of the DNS Changer malware under names such as Troj/DNSChan-A.

“Furthermore, Sophos products can detect if your computer is one of the ones whose DNS settings have been meddled with - identifying them as CXmal/DNSCha-A, and help repair the damage.

“And finally, if you want to see if your computer is one of those which might have been affected, you can check via the DNS Changer Working Group website (DCWG).”

“The FBI also has a look-up form on its site,” he added.

Sophos has created the following video to explain the history and impact of the DNS Changer malware, why so many are at risk of losing connection, and how users can check settings to ensure that they remain unaffected: