Malicious DNS Changer Trojan May Block Your Internet Access-Truth!

Malicious DNS Changer Trojan May Block Your Internet Access-Truth!

Summary of eRumor:

This is a forwarded warning of a DNS Changer Trojan that hijacks computers when users surf the Internet. DNS stands for Domain Name System, which is the addressing system used by computers when they communicate along the Internet. The warning goes on to say that any computers that are infected with this malware will be blocked from accessing the Internet by the U.S. Government on March 8, 2012. Some warnings include a link for readers to check their computers to see if they were affected.

The Truth:

The warning is real but the threat to block infected computers in March has been extended by four months, according to a March 7, 2012 article in PC Mag.   

In late June and early July several new agencies reported that the deadline to check personal computers for this trojan is July 9, 2012.

The FBI believes that half a million computers have been infected after a joint agency operation conducted in November 2011  apprehended 6 members of a computer hacking gang in Estonia. 

The PC Mag article said “law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the ‘Operation Ghost Click’ raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.”

The article also said that the Trojan switched the Domain Name System settings on  computers and routers it infected with different addresses to rogue servers. When computer users accessed the Internet with their web browsing software, the DNS servers, under the control of the criminals, would redirect their traffic to to other sites. This resulted in the criminals bagging millions of dollars in referral fees.

The FBI has posted a lookup form to assist computer users to determine if their computers have been infected. Some advance networking skills are required to be able to find the IP Address of the computers to be tested.  Click for FBI page.

The PC Mag article also offered a link to a more user friendly Trojan detecting utility:  Click for DNS Changer Eye at

If users have determined that their computers have been infected they may go to this link for a free removal tool provided by Avira: Click for removal tool.

Computer users have until July to check their computers and make the necessary repairs before infected computers get blocked off the World Wide Web.

updated 03/09/12