DNSChanger-infected machines won’t be disconnected, for now
It’s good news for the owners of the computers still infected by the DNSChanger malware, as a US Federal Judge agreed with the Attorney’s Office’s formal request to keep the DNS servers to which the computers are connected running until more – ideally all – of those computers are cleaned.
Following the dismantling of the gang behind the botnet via Operation Ghost Click in early November of 2011, the original servers were replaced by clean ones run by the Internet Systems Consortium and monitored by the DNS Changer Working Group. The final shutdown of those servers was planned for March 8.
But unfortunately, the clean-up process of some 4 million infected computers took longer than expected, and by the end of February, 400,000 computers still remained infected.
Even the US government was worried that it wouldn’t be able to clean all the infected computers in its agencies despite employing its own threat-monitoring system to find them.
So, the request to the court was made, and finally granted this week mere days before the shutdown deadline. As things stand, the deadline has been pushed to June 9, and ISC is required to report on the status of the cleaning process in May.
For users who want to make sure that their computer hasn’t been compromised by the malware in question, the FBI has made public a step-by-step guide for discovering the infection.
Windows users can also take advantage of the Qualys BrowserCheck plug-in which is also equipped with DNSChanger detection capabilities.