Note: The Ads that appear
on this page are under the
control of Google Ads,
which is a non-partisan site.
Malicious DNS Changer Trojan May Block Your Internet Access-Truth!
Summary of the eRumor: This is a forwarded warning of
a DNS Changer Trojan that hijacks computers when
users surf the Internet. DNS stands for Domain Name System, which is the
addressing system used by computers when they communicate along the Internet. The warning
goes on to say that any computers that are infected with this malware will
be blocked from accessing the Internet by the U.S. Government on March
8, 2012. Some warnings
include a link for readers to check their computers to see if they were
The Truth: The warning is real but the
threat to block infected computers in March has been extended by four
months, according to a
2012 article in PC Mag.
In late June and early July several new agencies reported that the
deadline to check personal computers for this trojan is July 9, 2012.
The FBI believes that half a million computers have been infected after
a joint agency operation conducted in November 2011 apprehended 6
members of a computer hacking gang in Estonia.
The PC Mag article said "law enforcement authorities working with the
Federal Bureau of Investigation arrested six of the seven individuals in
Estonia responsible for infecting millions of Windows and Mac machines
worldwide with the DNSChanger Trojan. As part of the 'Operation Ghost
Click' raid, FBI agents also seized over 100 servers at data centers
throughout the United States masquerading as legitimate DNS servers."
The article also said that the Trojan switched the Domain Name System
settings on computers and routers it infected with different
addresses to rogue servers. When computer users accessed the Internet with their web browsing software, the DNS servers, under the
control of the criminals, would redirect their traffic to to other
sites. This resulted in the criminals bagging millions of dollars in
The FBI has posted a lookup form to
assist computer users to determine if their computers have been infected.
Some advance networking skills are required to be able to find the IP
Address of the computers to be tested.
Click for FBI page.
The PC Mag article also offered a link
to a more user friendly Trojan detecting utility:
Click for DNS Changer Eye at
If users have determined that their
computers have been infected they may go to this link for a free removal
tool provided by Avira:
Click for removal tool.
Computer users have until July to check their computers and make the
necessary repairs before infected computers get blocked off the World
A real example of the eRumor as it has
appeared on the Internet:
This is for real. You can click on the link to see if
your computer is affected.
Internet access for millions of people could be blocked this week
because of a computer virus that users might not even know they have.
In November, the FBI arrested six Estonian hackers accused of running an
Internet fraud ring that infected approximately 4 million computers in
more than 100 countries, including about 500,000 in the United States.
The malware, called DNSChanger Trojan, hijacks computers when users type
a Web address in their Internet browser and manipulates their Web
activity. The FBI reported that the hackers generated at least $14
million in illicit fees related to online advertising.
The international cyber ring was dismantled and its servers were shut
down. The FBI subsequently had a private company run identical servers
for four months in an effort to help get infected computers cleaned.
That arrangement ends Thursday, and computers still infected then might
not be able to get on the Web on March 9.
Avoiding that is simple. Users can go to http://dns-ok.us to determine
if their computer is infected with the Trojan. An up-to-date virus scan
should resolve the problem, if a computer is infected.
2 For 1
Special! SUBSCRIBE to
Our Email Alerts, Advisories, and Virus Warnings!CLICK HERE