Fortinet Blog | News and Threat Research

DNSChanger Virus Will Bump Infected Users Offline

by Stefanie Hoffman | July 06, 2012 | Category: Industry Trends & News

That said, come Monday, many users with the DNSChanger virus plaguing their computers will be kicked offline until the nasty bug is removed.

The problem reared its ugly head over the last several years when Estonian malware authors created DNSChanger, which—true to its name—rerouted users’ search traffic to their own infected servers. From the users’ perspective, the redirect took them to bogus Websites, which pummeled them with spam, phishing attacks and adware.

The malicious campaign wreaked havoc on users’ computers around the world, altogether netting the miscreants profits that reached close to $14 million in illegal ads, according to the FBI, and infecting an estimated four million machines at its peak.

The FBI caught wind of their shenanigans and, with the help of a few international partners, initiated a crackdown in November of last year resulting in the arrest of six Estonians. As part of the operation, the FBI and other international law enforcement agencies shut down the infected DNS servers, but not before creating a temporary safety net of servers in their place that prevented hundreds of thousands of users from being cut off from Internet connectivity.

Initially, those temporary servers were scheduled to be shut down in March of this year, but the deadline got extended to allow victims more time to clean their computers. Even so, more than 300,000 computers worldwide still housed DNSChanger by mid-June, according to the FBI’s latest report.

Now, almost eight months later, those temporary servers are slated to finally be taken offline—perhaps leaving hundreds of thousands of users in the lurch if they fail to rid their machines of the virus before the July 9 deadline.

Thus far, there are still an estimated 350,000 users with infections remaining on their computers, according to the DNS Changer Working Group, which means it will be curtains for their Internet connectivity if they don’t clean up their machines.

Fortunately for them, the FBI and the DCWG offer free online tools on their sites that can detect infection in a matter of seconds, simply by entering their IP addresses or clicking a button.

If the tools fail to detect an infection, users will be able to access the Internet with impunity come Monday. However, if DNSChanger is found on the victim’s computer, not to fear: there is still time to address the threat before the FBI pulls the plug.

Specifically, DCWG recommends that users with the DNSChanger malware on their machines first back up and save all their external files so as not to lose any sensitive data during the cleaning process.

Next, users will be required to install a removal tool, several of which are listed on the DCWG site. To ensure that the threat is entirely removed, the DCWG recommends using more than one.

And as with any infection, users will want to carefully review bank statements and credit card bills, while changing all passwords and logins.

Remember, in light of the availability, accessibility and relative speed of the fixes, the DNSChanger virus does not signify the end of the world. But for those that lose Internet connection July 9th, it might feel like it.
