In November 2011, the Federal Bureau of Investigation took over a series of DNS servers that had been used by cyber-criminals to redirect users’ traffic to potentially risky locations they controlled. However, as disruption of the DNS system has a huge impact on the way PCs communicate over the Internet, the Bureau substituted the rogue DNS servers with valid ones to keep resolving internet names.
This will end on July 9, when the substitute servers will be taken offline, making communication nearly impossible for the average user if their DNS settings were tampered with. After July 9th, any computer using these rogue DNS servers will be unable to resolve domain names. The FBI says about 500,000 computers are infected, based on the number of PCs connected to the servers they seized alone. The total number of affected users could run much higher.
To restore the computer to a functioning state, Bitdefender has developed a free tool that assesses the status of the DNS settings and prompts the user when rogue DNS settings are found. Please read through this document to see how to restore your system settings to normal and ensure permanent connectivity after July 9th.
What exactly is the role of DNS?
Computers and other devices connect to the network using what are called IP addresses – series of numbers that identify them. For instance, the bitdefender.com website has an IP address of 50.97.236.19. Since IP addresses are difficult for humans to remember, the DNS (Domain Name System) acts like a phone directory: if you know who to call, you only need to look up the person’s name and the phone brings up the number. Similarly, the DNS server converts domain names into IP addresses.
If the DNS system is tampered with, chances are that the name of your favorite e-banking website, e-mail service or social network will resolve to an IP address that leads you to a web page actually controlled by the attacker. This way, any data you pass to the website (including authentication information) lands in the wrong hands without you even realizing it.
What will happen on July 9th?
On July 9th, the FBI will shut down these temporary name servers. Without DNS servers to convert domain names to addresses, computers will be unable to function properly. You will still be able to browse the web by entering IP addresses instead of URLs in the browser, but this is not only inconvenient, it also may not work in some circumstances.
How can I fix things up and avoid disruption?
 First and foremost, you need to identify whether your DNS settings have been replaced with rogue DNS entries. Please download and run the DNS Changer Detector. If the tool reports that your system is clean, you have nothing to worry about. If it shows signs of subversion, follow these steps to fix your PC.
- First and foremost, rid your PC of malware. The DNS settings have likely been changed by an active infection on your PC. Run a 60-second QuickScan to see if you are infected, then manually clean the DNS Changer malware from your PC. Alternatively, you may want to install a 30-day trial of Bitdefender Internet Security 2012 that will clean the system for you automatically. It is mandatory that you clean up your machine before changing the DNS settings. Otherwise, the malware on your PC will likely change these settings back.
- Run the DNS Changer Fix-it tool and let it adjust your DNS settings. Depending on the type of connection you have, the tool will try to restore the recommended DNS settings and will tell you whether or not the problem has been solved.
The DNS Changer Checker is available courtesy of Bogdan Timofte, Malware Researcher at Bitdefender.
Hi Bogdan, hi there!
Interesting article! I tried to scan my PC with your tool and I got the message: “an error occured”, so no scan has been possible… Do you have any advice to help solve the problem?
Best wishes,
Gabriel
DNS Changer Detector tool does not work. Every time I try to run it, it says an error has occurred, check log and all the log tells me is one network adapter found. Pretty useless tool for me anyway.
I tried it and it worked for me. But first you must extract the files from the archive into a directory, then try to run it.
Regards,
Alin
Good day,
I tried to run the application but it gives me the error message “an error has occurred, please check the log”.
What should I do?
Have a great day.
Alright, good guys should be smarter than the bad guys. This is not the case: BDDnsChangerDetector.exe is logging, without “running” the cleaner, this stupid error:
2012-07-09 08:51:35.138 000000001765 009956 006880 [BDDnsChanger] [BDDnsChanger] [ INFO] [htmlayout::MainDlg::ScanningThre] Aquiring network information.
2012-07-09 08:51:35.138 000000001765 009956 006880 [BDDnsChanger] [BDDnsChanger] [ INFO] [ BDDnsChecker::AquireNetworkInfo] Found 2 network adapters.
It really pays for Windows users to run their wonderful piece of marvel.
I go online more than 3 days a week, and even so I have not yet read articles as readable as yours. It is quite interesting to me. In my opinion, if all web owners and bloggers made comments as interesting as yours, the net would be much more useful than it has been until now. I could not help writing to you. Carefully written!