What is the DNS Changer Malware?
What does the DNS Changer Malware do?
The DNS Changer malware pointed each victim's DNS configuration at the attackers' own malicious DNS servers in Estonia, Chicago, and New York. This caused DNS lookup queries to be directed to the malicious DNS servers, which in turn allowed the group to re-route internet traffic to malicious web servers. These web servers were then used to replace links in search results and to replace ads on popular websites. At the time, DNS wasn't as secure as it is today, making this attack quite effective.
On March 12th 2012, the FBI announced that, under a court order, the ISC (Internet Systems Consortium) was operating a replacement DNS service for the Rove Digital network. This gave affected networks time to identify infected hosts and avoided a sudden disruption of service to victim machines. These servers were to be shut off on July 9th 2012.
How Can I Protect Myself?
If you were affected by this DNS Changer, then your DNS configuration has changed. Make sure your operating system has the latest security patches, and update the DNS servers configured in your operating system. However, this malware is no longer being distributed, and many popular sites are now defended against this type of attack, so the chances of this still affecting you are very small.
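One way to check a host's configured resolvers against a list of rogue DNS ranges is sketched below. It is an added example, not part of the original article. It assumes a Unix-like host whose resolvers are listed in resolv.conf-style text. The function names are hypothetical, and the ranges are documentation-network placeholders rather than real indicators.

```python
import ipaddress

# Placeholder ranges (RFC 5737 / RFC 3849 documentation networks), NOT real
# indicators: replace with the rogue resolver ranges from a source you trust.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Strip comments introduced by '#' or ';'.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                continue  # malformed address: skip it
    return servers

def find_rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return (address, matching_range) pairs for resolvers in a rogue range."""
    hits = []
    for addr in parse_nameservers(resolv_conf_text):
        for net in rogue_ranges:
            # Only compare an address with a network of the same IP version.
            if addr.version == net.version and addr in net:
                hits.append((str(addr), str(net)))
                break
    return hits

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# generated by DHCP client
nameserver 192.0.2.53
nameserver 198.51.100.200   ; outside the /25 placeholder range
nameserver 2001:db8:bad::1%eth0
nameserver 10.0.0.1
nameserver not-an-address
"""

if __name__ == "__main__":
    for addr, net in find_rogue_resolvers(SAMPLE):
        print(f"ALERT: resolver {addr} is inside rogue range {net}")
```

On a real host, pass the contents of the resolver configuration file to `find_rogue_resolvers`. Also check the DNS settings handed out by the local router, since a host that takes its resolvers from DHCP inherits whatever the router advertises.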