
DNS Changer Malware and the FBI’s July 9th Deadline: What It Is and What You Should Know

Depending on how close you are to your local nerd, you should have already heard about a computer virus that, it is claimed, will cause thousands of people to lose their internet access in just a few days on July 9th.  Some folks don’t even know it’s coming, some have waved it off as a hoax, and some have even gone so far as to claim immunity because, of course, nothing could penetrate their primitive anti-virus shields, regardless of everything I’ve been trying to tell them.  At any rate, it’s happening.

So what exactly’s going on?  The culprit behind this scheduled havoc is a particular class of malware known as DNS Changer.  Before I get into what exactly it’s doing, I should give you a short primer on DNS and what it does – because after all, as the name says, DNS Changer changes DNS.

“Phone Numbers for the Web” – A Quick DNS Primer

Think about phone numbers for a second.  Suppose my phone number is (123) 456-7890.  If someone has that phone number written down, and just that phone number, they have no idea who exactly they’re calling if they punch it into a phone.  The information they have to contact me over the phone is incomplete.  Now if they have two pieces of information – the phone number and my name to go with it, then that makes far more sense.  Now they know that I’m at the other end of (123) 456-7890.

DNS is exactly the same thing.  Internet websites have what’s called an IP address (think phone number for a website).  Now let’s make an example.  I’m going to give you an IP address, and you tell me what that address goes to.  Ready? OK, here it is: 173.194.75.103.  Complete gibberish to you?  I’ll tell you what.  Take that number and put it into your web browser where you put in what website you want to go to, and tell me if it doesn’t take you right to Google.  DNS is what allows your browser to cleanly translate domain names to IP addresses – in this case it matches up 173.194.75.103 to “http://www.google.com.”  Just like a phone number.  You don’t get out your cell every time you want to call me and dial out (123) 456-7890.  You go to my name.  Your address book, as it turns out, is a mini list of DNS entries, matching numbers to names.

That was just a basic primer, but it gets far more complex than that when it comes to the Internet.  There’s not just one DNS server, but many that communicate to allow you to browse the web.  You browse the web primarily using the DNS servers that belong to your Internet Service Provider (Comcast, Verizon, Roadrunner, or whoever you pay your bills to).

What Does DNS Changer Do?

So now that you have a better idea of what DNS is, let’s look at what DNS Changer does.  In the end it can do the same thing that email phishing scams can do, in the sense that it can lead you to fake and fraudulent websites to try to steer you in the wrong direction.  This works a little bit differently though – instead of sending you fake links hoping that you’ll click them without paying attention, DNS Changer literally changes your DNS settings, giving the intruder the ability to change where you go and leaving your computer wide open to a number of cyber attacks.  The image to your right is a great concise diagram from the official FBI website that shows how it works.

The FBI has been able to identify networks of these rogue DNS servers that can potentially do you harm through what was known as Operation Ghost Click, and has taken a number of steps not only to disable them, but to help internet users until they do.  They’ve been working with ISPs and providing known clean DNS servers so that affected users can redirect to them to browse safely.  On July 9th, support for these temporary clean DNS servers ends, so everyone has to make sure that they’re up to snuff.
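
Since the whole trick is a changed DNS setting, the check boils down to "which DNS servers is this machine pointed at, and are any of them on the bad list?" Here is that check as an added example (my illustration, not FBI or Blogcritics code). It assumes a Unix-style resolver file, and the ranges in `ROGUE_RANGES` are documentation placeholders, not the real rogue ranges, so swap in the published list.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNS ranges. Replace with the list published for Operation Ghost Click.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a Unix-style resolver file (/etc/resolv.conf format).
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
search example.net
nameserver 192.0.2.53
nameserver 203.0.113.10
nameserver not-an-ip
nameserver fe80::1%eth0
"""


def parse_nameservers(text):
    """Return (parsed addresses, unparseable entries) from resolver-file text."""
    servers, bad = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):   # blank line or comment
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]             # drop an IPv6 zone id
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            bad.append(fields[1])                     # report it, don't hide it
    return servers, bad


def flag_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """List configured resolvers and those inside any listed range."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    servers, bad = parse_nameservers(text)
    flagged = [str(s) for s in servers
               if any(s.version == n.version and s in n for n in nets)]
    return {"configured": [str(s) for s in servers],
            "flagged": flagged, "unparseable": bad}


if __name__ == "__main__":
    print(flag_resolvers(SAMPLE_RESOLV_CONF))
```

Anything that shows up under `flagged` or `unparseable` deserves a closer look. Check your router's DNS setting by hand too, since it can hand the same servers to every device on the network.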

What Can I Do?

About tushar nene