How to check if your DNS Server was hacked

Post initially published in Avira Techblog.

You must have heard already about the already “famous” malware DNSChanger which manipulates the DNS settings of the computer in order to silently direct the users to malicious websites.

FBI and others took action against this malware and in November 2011 have managed to break the botnet. According to FBI, more than 4 million computers were affected world-wide. The thieves manipulated DNS entries in order to block antivirus programs and the operating systems to update delivering this way even more malware on users’ computers. The DNSChanger malware was used also to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising. When FBI shut down the botnet, they also replace the servers which were directing to malicious domains with valid DNS servers.

So, if the botnet is shut down why all this trouble?

FBI will deactivate those new valid DNS servers on March 8, 2012.

If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by FBI, after March 8, it will no longer be able to make any DNS requests through these servers. In layman’s terms, you will no longer be able to browse the web, read emails and do everything you usually do on Internet. So, it is mandatory that the DNS settings of the computer are restored to their original state.

After an infection with DNSChanger malware, until now it was needed to restore the settings manually. Here are tutorials in German and in English.

With the Avira DNS-Repair tool released (press release in German only) on Friday, January 20,  you can revert to the default settings of Windows only with a few clicks.

You can download the tool free of charge from the Avira Support’s Knowledge Base website in German and in English.

Avira cooperated also with the German Federal Office for Information Security (BSI) and published the tool also on the special website created to check if the DNS requests are made to the right places: www.DNS-OK.de. Note that on this website you see the link to the Avira DNS-Repair-Tool only if it is detected that your system is affected by the malware.

 


© Copyright 2012 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close