DNS Changer Malware Could Lock Unwary Users Out of the Internet on July 9

NEWS ANALYSIS: While the chances of any of your computers having an active DNS Changer malware infection are remote, you should still check to make sure your system is clean and confirm that somewhere along the line your DNS settings didn’t get changed.

The DNS Changer malware has been all over the news during the last couple of days, and with good reason. If you haven€™t checked that your computers are malware-free and fixed an apparent DNS Changer infection, you won€™t be able to use the Internet very easily come Monday, July 9.


Monday is the day that the FBI pulls the plug on the Domain Name System (DNS) servers that have been kept running as a safety net for people who were infected by the malware, and as a result were being directed to bogus DNS servers.

When the servers are taken offline July 9, the only way you€™ll be able to access the Internet if you€™re affected is to type in the actual IP address because your computer won€™t be able to resolve addresses. Fortunately, it€™s easy to tell if you€™re affected, and the problem is easy to fix. Here€™s what you need to do.

First, visit the Website of the DNS Changer Working Group where you€™ll see a description of the DNS Changer and what it does. You€™ll also see a green button that is labeled €œDetect.€ On that page, you€™ll see a chart listing sites around the world that will tell you whether your computer is resolving DNS addresses properly. The site for the United States is www.dns-ok.us and it has a simple interface that presents a green square if your computer is resolving IP addresses properly.

You should note that when I tried the U.S. site only two of the four browsers on the test computer would actually load it. Firefox and Internet Explorer worked fine, Google Chrome and Apple Safari did not. Neither would load the address at all. Note that this test was done on a machine running a 64-bit version of Windows 7. Other computers have delivered results with various browsers.

If for some reason you€™re not able to get the site to load, try the European site at http://dns-changer.eu, which I found works more reliably. Note that the European site will record the operating system and browser that you€™re using.

If you get the all-clear, you€™re probably done. While it€™s possible that your ISP is redirecting the bogus DNS requests for you, you€™ll still get to the Internet. If you want to be totally certain, either check your computer€™s DNS settings manually or have your IT department check them. Note that in addition to the sites listed by the DCWG, other sites including Google and Facebook will alert you if you appear to be having DNS problems related to malware.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...