What is DNS?
Before talking about the much-discussed DNSChanger malware, let me first tell you about DNS. DNS, which stands for Domain Name System (or Domain Name Server), is a service that converts the user-friendly names of your favorite websites into IP addresses. Every website you know is hosted on some server, but that server is identified only by its IP address and not by its domain name. DNS converts the name you enter in the browser into that IP address. Without DNS you would have to remember the IP addresses of all your favorite websites (which is quite difficult, as we browse hundreds of websites), and you wouldn't be able to access your email or any other internet service.
What is DNSChanger Malware?
DNSChanger malware was developed by Rove Digital, an IT company known for sending spam and malware (as per Wikipedia). It is a DNS-hijacking Trojan that attacks the DNS entries of a computer (or router) and points them to an unreliable DNS server, which redirects you (a visitor or internet user) to various fraudulent websites, shows advertisements on web pages, and so on. This unreliable DNS server is known as a rogue DNS.
How Does It Operate?
DNSChanger was distributed as a video codec that users had to download to view video content on a website, mostly on unreliable or rogue porn websites. Once the user installs the so-called codec, the malware starts doing its job: it attacks the DNS configuration of the computer and replaces it with a rogue DNS server. The malware also tries to access network devices such as routers using default login credentials; if successful, it changes their DNS entries as well.
How to detect?
Check your network settings, especially the DNS section. If your computer's or router's DNS is set to any of the IPs mentioned below, you are infected.
220.127.116.11 through 18.104.22.168
22.214.171.124 through 126.96.36.199
188.8.131.52 through 184.108.40.206
220.127.116.11 through 18.104.22.168
22.214.171.124 through 126.96.36.199
188.8.131.52 through 184.108.40.206
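The check described above can be scripted. The following is an added example, not part of the original post: it assumes a Unix-style resolv.conf, uses constructed placeholder ranges from documentation address space in place of the list above, and all function names are illustrative.

```python
import ipaddress

# Constructed placeholders (RFC 5737 space) in the "start through end" form.
ROGUE_RANGES_TEXT = """\
192.0.2.0 through 192.0.2.255
198.51.100.16 through 198.51.100.31
"""

# Constructed sample of a Unix resolver configuration (/etc/resolv.conf format).
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 198.51.100.20
nameserver 203.0.113.53
search example.lan
"""

def parse_ranges(text):
    """Parse 'A through B' lines into (start, end) IPv4 pairs; reject bad ones."""
    ranges = []
    for line in filter(str.strip, text.splitlines()):
        start_s, sep, end_s = line.partition(" through ")
        if not sep:
            raise ValueError(f"not a range: {line!r}")
        start, end = (ipaddress.IPv4Address(s.strip()) for s in (start_s, end_s))
        if start > end:
            raise ValueError(f"range start is after range end: {line!r}")
        ranges.append((start, end))
    return ranges

def configured_nameservers(resolv_conf_text):
    """Return the IPv4 'nameserver' entries from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.IPv4Address(fields[1]))
            except ipaddress.AddressValueError:
                pass  # IPv6 or malformed entry: not covered by the IPv4 ranges
    return servers

def rogue_nameservers(resolv_conf_text, ranges):
    """Return the configured resolvers that fall inside any listed range."""
    return [str(ip) for ip in configured_nameservers(resolv_conf_text)
            if any(start <= ip <= end for start, end in ranges)]

if __name__ == "__main__":
    print(rogue_nameservers(SAMPLE_RESOLV_CONF, parse_ranges(ROGUE_RANGES_TEXT)))
```

A range whose start address is higher than its end address is rejected rather than silently matched, so a mistyped or corrupted list fails loudly. The router's DNS setting still has to be checked separately in its admin page.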
You can also visit http://www.dns-ok.us/, which checks and verifies your IP and shows the result. If the page shows a green screen, then you are not infected.
So, stay safe while browsing and don't download any video codec unless it's from a reliable source.
Note: I have collected the information available on the internet and tried to explain it in simple terms. I request that viewers who have more information about DNSChanger please share it.