How to check if your DNS Server was hacked

Post initially published in Avira Techblog.

You must have heard already about the already “famous” malware DNSChanger which manipulates the DNS settings of the computer in order to silently direct the users to malicious websites.

FBI and others took action against this malware and in November 2011 have managed to break the botnet. According to FBI, more than 4 million computers were affected world-wide. The thieves manipulated DNS entries in order to block antivirus programs and the operating systems to update delivering this way even more malware on users’ computers. The DNSChanger malware was used also to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising. When FBI shut down the botnet, they also replace the servers which were directing to malicious domains with valid DNS servers.

So, if the botnet is shut down why all this trouble?

FBI will deactivate those new valid DNS servers on March 8, 2012.

If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by FBI, after March 8, it will no longer be able to make any DNS requests through these servers. In layman’s terms, you will no longer be able to browse the web, read emails and do everything you usually do on Internet. So, it is mandatory that the DNS settings of the computer are restored to their original state.

After an infection with DNSChanger malware, until now it was needed to restore the settings manually. Here are tutorials in German and in English.

With the Avira DNS-Repair tool released (press release in German only) on Friday, January 20,  you can revert to the default settings of Windows only with a few clicks.

You can download the tool free of charge from the Avira Support’s Knowledge Base website in German and in English.

Avira cooperated also with the German Federal Office for Information Security (BSI) and published the tool also on the special website created to check if the DNS requests are made to the right places: www.DNS-OK.de. Note that on this website you see the link to the Avira DNS-Repair-Tool only if it is detected that your system is affected by the malware.

 


© Copyright 2012 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

Related Posts

Avira Survey Shows 50 Percent of People Are Concerned About Banking Online

See the original article here and an interview with me for the Infosecurity US Magazine. I gave the interview on telephone calling the editor from home at 21.00h 🙂 Additional news here: http://www.esecurityplanet.com/trends/article.php/3912941/Online-Banking-Security-a-Concern-for-Most-Survey.htm In German: http://www.securitymanager.de/magazin/news_h42825_avira_fast_die_haelfte_der_anwender_ist_besorgt.html That’s fun 😉 &copy Copyright 2010 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on CybersecurityCheck www.endpoint-cybersecurity.com for […]