Internet Doomsday! DCWG! What’s all the fuss?

This week’s question comes from a retired high school principal who wants to know if DCWG is legit. Yes, it is, and it is a very helpful site for determining whether your computer is part of the DNS Changer Trojan infection that is in the news and headed toward a July 9 critical point.
You may remember a previous column where I described a worldwide botnet that was being run out of Estonia and controlled 4 million computers in over 100 countries. In a huge operation involving the FBI and other police organizations around the world, seven men were charged in 2011. Since then, the FBI has been working to clean up all the infected DNS servers and keep them from spreading. It has announced that, as of July 9, infected computers will not be able to access the Internet, in a move to clean up this huge mess.
As with a lot of these kinds of questions, one leads to another. What is DNS? From the FBI website: “DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.fbi.gov, in your web browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website. DNS servers are operated by your Internet service provider (ISP) and are included in your computer’s network configuration. DNS and DNS Servers are a critical component of your computer’s operating environment—without them, you would not be able to access websites, send e-mail, or use any other Internet services.
Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing. One way criminals do this is by infecting computers with a class of malicious software (malware) called DNS Changer. In this scenario, the criminal uses the malware to change the user’s DNS server settings to replace the ISP’s good DNS servers with bad DNS servers operated by the criminal.” In a nutshell, you type a URL into your address bar and end up at a different site, one run by a criminal enterprise.
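For readers who want to see what "checking your DNS server settings" looks like in practice, here is an added example (not from the FBI text or from DCWG) that reads resolv.conf-style settings and flags any configured DNS server that falls inside a list of known-bad ranges. The ranges, the sample settings and the function names are constructed placeholders; a real check would use the published rogue-server ranges and your ISP's actual resolvers.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space) standing in
# for a published list of rogue DNS server ranges; the column does not list them.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed sample in the format of /etc/resolv.conf on Unix-like systems.
SAMPLE_RESOLV_CONF = """\
# constructed sample: second entry was swapped in by malware
search example.net
nameserver 192.0.2.53
nameserver 203.0.113.10
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        # Drop comments introduced by '#' or ';' before splitting into fields.
        for marker in ("#", ";"):
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected):
    """Label one configured resolver: rogue, expected, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"  # malformed entries deserve a look too
    if any(addr.version == net.version and addr in net for net in ROGUE_RANGES):
        return "rogue"
    return "expected" if addr in expected else "unexpected"

def audit(text, expected_resolvers):
    """Map each configured nameserver to its classification."""
    expected = {ipaddress.ip_address(r) for r in expected_resolvers}
    return {s: classify(s, expected) for s in parse_nameservers(text)}

if __name__ == "__main__":
    # 192.0.2.53 plays the role of the ISP's good DNS server (constructed).
    for server, verdict in audit(SAMPLE_RESOLV_CONF, ["192.0.2.53"]).items():
        print(f"{server:>15}  {verdict}")
```

An "unexpected" result is not proof of infection, only a setting that matches neither the bad list nor the servers your ISP told you to expect, so it is worth confirming with the ISP.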