23 May 2012

Google to Notify Users of DNS Changer Infections

The DNS Changer Trojan currently affecting more than 500,000 users worldwide will leave its victims without internet connectivity as of July 9. Because many computer users have no idea that their machines have been compromised and that they will lose connectivity, Google has started delivering infection notifications to affected users whenever they query the search engine for results.

In 2011, some families of DNS Changer Trojans modified the DNS settings of infected computers to make them use rogue DNS servers (DNS servers are the infrastructure that translates domain names into IP addresses). The FBI seized control of these rogue DNS servers in November and replaced them with genuine ones. However, the FBI can only operate the replacements until July 9. They will then be disconnected, leaving the infected computers that still use them unable to resolve Internet names.

The Google notification will tell the users that their computers have been infected but does not offer disinfection or repair options. It simply lets the user know of a problem that should be addressed with Internet security software.

This is the second time Google has used its search results to notify users of security issues with their computers. Last July, Google also displayed infection warnings for users whose traffic was bouncing off a small number of intermediary servers called “proxies.”

To help restore affected computers to a functioning state, Bitdefender has developed a free tool that assesses the status of the DNS settings and prompts the user when rogue DNS settings are found.
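
The kind of check described above, sketched as an added example (it is not Bitdefender's code and not part of the original article): it reads the resolver addresses from resolv.conf-style text and flags any that fall inside a list of rogue ranges. The article does not list the seized server addresses, so the ranges below are RFC 5737 documentation placeholders; the function names and the sample input are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks). The article does not
# give the rogue DNS server addresses; substitute the published ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.IGNORECASE)


def parse_nameservers(resolv_conf_text):
    """Return (valid resolver addresses, unparseable entries) from resolv.conf text."""
    servers, invalid = [], []
    for line in resolv_conf_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0]  # strip trailing comments
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        token = match.group(1).split("%")[0]  # drop IPv6 zone id (fe80::1%eth0)
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            invalid.append(match.group(1))  # keep for reporting, never guess
    return servers, invalid


def find_rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any rogue range."""
    servers, _ = parse_nameservers(resolv_conf_text)
    return [str(ip) for ip in servers
            if any(ip.version == net.version and ip in net for net in rogue_ranges)]


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# generated by dhclient
nameserver 192.0.2.53      ; inside a placeholder rogue range
nameserver 198.51.100.200  # outside the /25, so not flagged
nameserver fe80::1%eth0
nameserver not-an-ip
"""

if __name__ == "__main__":
    hits = find_rogue_resolvers(SAMPLE)
    if hits:
        print("Rogue DNS resolvers configured:", ", ".join(hits))
    else:
        print("No rogue DNS resolvers found.")
```

On a home network the computer's resolver is often the router, so the same comparison has to be made against the DNS servers configured on the router as well.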