Understanding DNSChanger Malware

What is DNS?

Before talking about the much-discussed DNSChanger malware, let me first tell you about DNS. DNS, which stands for Domain Name System or Domain Name Server, is a service that converts the user-friendly names of your favorite websites into IP addresses. Every website you know is hosted on some server, but that server is identified only by its IP address, not by the domain name. DNS converts the name you enter in the browser into that IP address. Without DNS you would have to remember the IP addresses of all your favorite websites (which is quite difficult, as we browse and access hundreds of websites), and you wouldn’t be able to access your email or any other internet services.

What is DNSChanger Malware?

DNSChanger malware was developed by Rove Digital, an IT company known for sending spam and malware (as per Wikipedia). It is a DNS-hijacking Trojan that attacks the DNS entries of a computer (or router) and points them to an unreliable DNS server, which redirects you (a visitor or Internet user) to various fraudulent websites, shows advertisements on web pages, and so on. This unreliable DNS server is known as a rogue DNS.

How Does It Operate?

DNSChanger was distributed as a video codec that had to be downloaded to view video content on a website, mostly on unreliable or rogue porn websites. Once the user installs the so-called codec, the malware starts doing its job: it attacks the DNS configuration of your computer and replaces it with a rogue DNS server. The malware also tries to access network devices such as routers using default login credentials; if successful, it changes their DNS entries as well.

How to detect?

Check your network settings, especially the DNS section. If your computer’s or router’s DNS is set to any of the IP addresses listed below, you are infected.

85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.25
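
The check described above can be automated. The following is an added example, not code from the original post: it assumes the resolver addresses are available as resolv.conf-style text (the sample input is constructed), and the function names are hypothetical.

```python
import ipaddress

# Ranges copied as printed in the list above: (first address, last address).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.25"),
]
_RANGES = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
           for a, b in ROGUE_RANGES]


def is_rogue(addr):
    """True if addr is an IPv4 address inside one of the listed ranges."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except ipaddress.AddressValueError:
        return False  # IPv6, hostname or junk: not covered by the IPv4 list
    return any(lo <= ip <= hi for lo, hi in _RANGES)


def resolvers_from_resolv_conf(text):
    """Extract the addresses of 'nameserver' lines, ignoring comments."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def audit(text):
    """Return the configured resolvers that fall inside a listed range."""
    return [r for r in resolvers_from_resolv_conf(text) if is_rogue(r)]


# Constructed sample input, not taken from a real host.
SAMPLE = """\
# generated by dhcp client
nameserver 85.255.114.13
nameserver 192.168.1.1
nameserver 2001:db8::53
"""

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("resolver in listed DNSChanger range:", hit)
```

`is_rogue` accepts any address string, so DNS values read from a router's admin page or from another operating system's network settings can be passed to it directly.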

You can also visit http://www.dns-ok.us/, which checks and verifies your IP and shows the result. If you see the following screen (in green), you are not infected.

So be safe while browsing, and don’t download any video codec unless it’s from a reliable source.

Note: I have collected the information available on the internet and tried to explain it in simple terms. I request viewers who have more information about DNSChanger to please share it.

About: Mike

Milind Koyande loves to work on new technologies specially virtualization and troubleshoot server problems. I’m an avid photographer and love to spend my free time close to nature, trying to capture its glory on my camera.


6 thoughts on “Understanding DNSChanger Malware”

  1. Pretty nice post. I just stumbled upon your weblog and wanted to mention that I have really loved surfing around your blog posts. In any case I’ll be subscribing for your feed and I hope you write once more very soon!

  2. Undeniably imagine that which you said. Your favorite justification seemed to be on the web the simplest thing to take into account of. I say to you, I definitely get irked even as other people think about issues that they plainly don’t recognise about. You managed to hit the nail upon the highest as smartly as outlined out the entire thing without having side-effects , other people could take a signal. Will likely be back to get more. Thank you

  3. Wow, incredible weblog structure! How lengthy have you ever been running a blog for? you made blogging look easy. The whole glance of your web site is wonderful, let alone the content material!

  4. It is appropriate time to make a few plans for the longer term and it is time to be happy. I have learn this publish and if I could I wish to counsel you some attention-grabbing things or advice. Maybe you could write subsequent articles referring to this article. I wish to learn even more issues approximately it!
