newpagla
by mchainmchain - 5/5/12 11:36 AM
In Reply to: DNS Malware by newpagella
Thank you for the clarification on how DNS works and how the DNS Changer gang controlled machines affected by this trojan.
I did not spell out how this operation worked, as my focus was to highlight the history and impact this gang had:
"This is because of the way the malware writers set up the botnet. DNS Changer trojan reported back to the servers the gang used to run/own; infected systems would be directed here for all internet access, and then would go out to wherever the user wanted to go. Unfortunately, this also meant the infected system was, for all practical purposes, owned by this gang, for as long as they continued to operate. They made their money on a pay-per-click basis based on fraudulent advertising revenue for each system infected, so every system user unknowingly and unwittingly made them money as they surfed the internet."
The web site is just a way to check to see if you have the trojan, and provides the means to remove it.
Honestly, no one has to provide such a service here. The plug on the rogue DNS servers can be pulled at any time, but instead of that, notice is given that this will happen on July 9th, 2012. There will be many unhappy users when this is done; as you explain above, there will suddenly be no DNS server to connect to.
This does not mean your system is infected with other malware, just that internet connectivity will be lost.
Just go to a site you like and trust to check, is all.
