Malicious DNS Changer Trojan May Block Your Internet Access-Truth!

Summary of eRumor:

This is a forwarded warning of a DNS Changer Trojan that hijacks computers when users surf the Internet. DNS stands for Domain Name System, which is the addressing system used by computers when they communicate along the Internet. The warning goes on to say that any computers that are infected with this malware will be blocked from accessing the Internet by the U.S. Government on March 8, 2012. Some warnings include a link for readers to check their computers to see if they were affected.

The Truth:

The warning is real but the threat to block infected computers in March has been extended by four months, according to a March 7, 2012 article in PC Mag.   

In late June and early July several new agencies reported that the deadline to check personal computers for this trojan is July 9, 2012.

The FBI believes that half a million computers have been infected after a joint agency operation conducted in November 2011  apprehended 6 members of a computer hacking gang in Estonia. 

The PC Mag article said “law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the ‘Operation Ghost Click’ raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.”

The article also said that the Trojan switched the Domain Name System settings on  computers and routers it infected with different addresses to rogue servers. When computer users accessed the Internet with their web browsing software, the DNS servers, under the control of the criminals, would redirect their traffic to to other sites. This resulted in the criminals bagging millions of dollars in referral fees.

The FBI has posted a lookup form to assist computer users to determine if their computers have been infected. Some advance networking skills are required to be able to find the IP Address of the computers to be tested.  Click for FBI page.

The PC Mag article also offered a link to a more user friendly Trojan detecting utility:  Click for DNS Changer Eye at

If users have determined that their computers have been infected they may go to this link for a free removal tool provided by Avira: Click for removal tool.

Computer users have until July to check their computers and make the necessary repairs before infected computers get blocked off the World Wide Web.

updated 03/09/12

A real example of the eRumor as it has appeared on the Internet:

This is for real. You can click on the link to see if your computer is affected.

Internet access for millions of people could be blocked this week because of a computer virus that users might not even know they have.

In November, the FBI arrested six Estonian hackers accused of running an Internet fraud ring that infected approximately 4 million computers in more than 100 countries, including about 500,000 in the United States.
The malware, called DNSChanger Trojan, hijacks computers when users type a Web address in their Internet browser and manipulates their Web activity. The FBI reported that the hackers generated at least $14 million in illicit fees related to online advertising.

The international cyber ring was dismantled and its servers were shut down. The FBI subsequently had a private company run identical servers for four months in an effort to help get infected computers cleaned.

That arrangement ends Thursday, and computers still infected then might not be able to get on the Web on March 9.

Avoiding that is simple. Users can go to to determine if their computer is infected with the Trojan. An up-to-date virus scan should resolve the problem, if a computer is infected.