This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.guardian.co.uk/technology/us-news-blog/2012/jul/06/dnschanger-trojan-computer-infected

DNSChanger Trojan: is your computer infected and what to do if it is
An estimated 45,600 computers infected with the DNSChanger Trojan could lose internet access on Monday when the FBI removes a temporary fix for computers infected with the malware.
An organized criminal group called Rove Digital deployed the virus, which rerouted internet traffic, generating $14m in revenue for the group. In 2011, seven were charged for the internet fraud scheme that infected more than four million computers across the world. At least 500,000 of those computers were in the US and include computers owned by government agencies, businesses and individuals. Six of those charged were arrested, one remains at large.
To keep victims from losing internet access, the FBI worked with a non-profit to provide victims with a temporary solution, which expires on Monday.
Is your computer infected?
To check if your computer is infected, click this link from the FBI. The site features an image which will have either a green background (which means your computer is clean) or red (which means your computer is infected). If you are outside the US, a list of country-specific sites to check if your computer is infected is available here.
What to do if your computer is infected
First, back up all valuable information on your computer. Then, take it to a professional. FBI has an in-depth rundown (pdf) on what to do if your Mac or PC has the virus. This website also provides a list of tools to clean up the malware.
How the DNSChanger malware works
DNS (Domain Name System) converts user-friendly domain names, like guardiannews.com into numerical internet protocol (IP) addresses that computers use to communicate with each other. So every time you enter guardiannews.com (which you should do often!), your computer takes the numeral code IP, sends it to the DNS, which in turn sends your computer to the proper website.
The scammers infected computers around the world with the malware, allowing them to control DNS servers. Once they gained control of computers' DNS they were able to control what sites the computer connects to, interfere with web browsing and make computers vulnerable to other malicious software. This is what tens of thousands of computers in the US are dealing with now.
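The effect of the malware shows up in the DNS server addresses a machine is configured to use, so those settings can also be checked locally. The following is an added example, not part of the original article or of any FBI tool: it reads the configured resolvers from a resolv.conf-style file or from English-language Windows `ipconfig /all` output and compares them with a list of rogue ranges. The ranges are placeholders from documentation address space (this page does not list the real ones), and the function names and sample inputs are constructed for illustration.

```python
import ipaddress

# PLACEHOLDER ranges from RFC 5737 documentation space, NOT the real rogue
# resolver ranges. Replace them with the ranges published in the FBI guidance.
ROGUE_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]


def _as_ip(token):
    """Return an ip_address for token, or None if it is not an IP literal."""
    try:
        # Drop an IPv6 zone id such as "%12" before parsing.
        return ipaddress.ip_address(token.strip().split("%", 1)[0])
    except ValueError:
        return None


def parse_resolv_conf(text):
    """Resolvers listed on `nameserver` lines of a resolv.conf-style file."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            ip = _as_ip(fields[1])
            if ip is not None:
                servers.append(ip)
    return servers


def parse_ipconfig(text):
    """Resolvers from English-language Windows `ipconfig /all` output.

    The first server follows the "DNS Servers" label; further servers sit
    alone on the continuation lines below it.
    """
    servers, in_dns_block = [], False
    for line in text.splitlines():
        is_label = "DNS Servers" in line
        if is_label:
            value = line.split(":", 1)[1] if ":" in line else ""
        elif in_dns_block:
            value = line
        else:
            continue
        ip = _as_ip(value)
        if ip is not None:
            servers.append(ip)
        # Stay in the block only while lines keep yielding addresses.
        in_dns_block = is_label or ip is not None
    return servers


def audit(servers, rogue_ranges=ROGUE_RANGES):
    """Pair each resolver with the rogue range containing it, or None."""
    findings = []
    for ip in servers:
        hit = next((net for net in rogue_ranges if ip in net), None)
        findings.append((str(ip), str(hit) if hit is not None else None))
    return findings


# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
# set by DHCP client
nameserver 192.0.2.53
nameserver 208.67.222.222
search example.lan
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.15(Preferred)
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    samples = (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
               ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG)))
    for name, servers in samples:
        for ip, hit in audit(servers):
            print(f"{name}: {ip} -> {'ROGUE ' + hit if hit else 'ok'}")
```

The same comparison applies to the DNS servers set on a home router, since machines that take their settings from the router inherit whatever resolver it hands out.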
Comments
42 comments, displaying first
6 July 2012 4:38PM
The link to check your computer is broken.
6 July 2012 4:44PM
Oh dear. First link under "Is your computer infected" is broken. It should be:
www.dns-ok.us
There's so many levels of irony there...
6 July 2012 4:47PM
and @WoodwardRobert, Thanks for letting us know. It's fixed.
6 July 2012 5:14PM
I love the comments in a certain mid-market tabloid's version of this article, featuring such gems as "I'm not letting the FBI scan my computer". Readers of that paper shouldn't be allowed on the internet without adult supervision.
6 July 2012 5:34PM
I don't think the Guardian should be encouraging users to 'click on this link to see if you are infected'.
Surely if the FBI provided the 'victims' with a patch, 99% of the people affected will already know they are affected.
This article smacks of scaremongering...
Ensure you have up-to-date anti-virus, and scan your PC. If you don't you deserve everything you get.
6 July 2012 5:35PM
could lose internet access
BULLSHIT!
This is the technology section, don't you know the difference between "internet" and "world wide web"?
There is NO DNS-changer in the world that will have any effect on email-traffic or usenet or IM-traffic or any other internet-protocol that doesn't involve a web-browser!
This is the most incompetent reporting I've seen this year in any journalistic publication.
Yours
Ivan
6 July 2012 5:45PM
How the DNSChanger malware works
DNS (Domain Name System) converts user-friendly domain names, like guardiannews.com into numerical internet protocol (IP) addresses that computers use to communicate with each other. So every time you enter guardiannews.com (which you should do often!), your computer takes the numeral code IP, sends it to the DNS, which in turn sends your computer to the proper website.
No, your computer sends the request in text form to a DNS server which looks up the name and resolves it against a numerical list to retrieve the correct IP address. Computers don't magically know what the IP address of a domain name is, they have to ask a DNS server. That's what DNS servers are for. Once this has been done, the IP address is cached on the client machine for the session, but it needs looking up first.
The scammers infected computers around the world with the malware, allowing them to control DNS servers.
No, the malware would (presumably) allow the scammers to change the DNS server settings of the client computer, not control the DNS server itself. Otherwise they'd be infecting the server, not the client, and the problem would need to be solved by ISPs, not end users.
Once they gained control of computers' DNS they were able to control what sites the computer connects to, interfere with web browsing and make computers vulnerable to other malicious software. This is what tens of thousands of computers in the US are dealing with now.
Meaning that instead of asking 101.101.101.1 (your.isp.server) to "resolve yourbank.co.uk against the list of IP addresses, then retrieve the page", your computer would be asking 202.202.202.2 (the.con.artists.server) to "resolve yourbank.co.uk against their dodgy list", which would then retrieve a page from clone.of.yourbank.co.uk or similar.
As the domain name (yourbank.co.uk) is still shown in the address bar of your browser, you would be none the wiser, thinking you are entering your details into yourbank.co.uk login page.
Basic precautions when sending personal/sensitive information:
1) Always check the SSL credentials to see if they fit what you expect (double-click the padlock icon, or similar, which appears in your browser when accessing secure (https://) pages).
2) Don't use Windows. It's the biggest security risk you can imagine and runs like a dead dog on a hot day. Why anyone with a brain would inflict this on a computer is beyond me.
Doing 2) alone will solve 90% of your security issues.
But hey, I use MorphOS so what do I know. Security through obscurity? Don't mind if I do. :-)
6 July 2012 6:01PM
Of course my computer is not infec
BUY CHEAP VIAGRA NOW!
6 July 2012 6:01PM
FBI has an in-depth rundown (pdf) on what to do if your Mac or PC has the virus.
That should be Windows PC. They don't appear to have Linux instructions.
6 July 2012 6:08PM
You also forgot the bit about checking your router.
6 July 2012 6:11PM
@IvanIvanovich
You do know that e-mail clients connect to smtp/pop/IMAP servers, which are configured using server names which - err.. have to be resolved into numerical IP addresses, and that these requests take place using your TCP/IP stack in exactly the same way as your browser? There may be some differences in application layer etc, but in terms of DNS resolution there's no difference at all.
Not saying it will affect them (what self-respecting criminal would want to spoof IM chat, or serve you spoof e-mails...) but there's no reason it couldn't.
6 July 2012 6:23PM
I'll bet this never happened to quills...
6 July 2012 6:48PM
My computer got infected with DNS changing malware or virus a couple of years ago. I hadn't downloaded or clicked anything dodgy so it must have been a 'drive past' infection - just visiting the site runs some rogue code and infects you.
My computer was not using the DNS server I had in my settings (OpenDNS) and any Google results I clicked on led to some advertising.
(The OpenDNS website has a page that tells you if you are using OpenDNS settings, this said I wasn't.)
I checked my computer with every anti-virus checker and anti-malware program I could find - all gave it a clean bill of health. Anti-virus software will not protect you.
It had made no changes to my Hosts file (which simpler redir malware does). I guess it must have modified a Windows DLL, but no tests I did found it. I checked for root kits and this seemed clean.
I found a lot of information by searching for 'Google redirect'. I eventually found a 'ReDir' fix program that cured it, but this disabled some features of my Microsoft keyboard (volume control stopped working).
I reinstalled Windows and all was well. Perhaps I should have tried this first?
6 July 2012 6:49PM
My browser shows green. But how can I know if my DNS request was not sent to a bogus address to make me think my computer is OK when it is not really OK?
I need a second opinion. :-O
6 July 2012 6:50PM
I'll bet this never happened to quills...
Avian bird flu?
6 July 2012 7:38PM
2) Don't use Windows. It's the biggest security risk you can imagine and runs like a dead dog on a hot day. Why anyone with a brain would inflict this on a computer is beyond me.

With a few basic common-sense precautions Windows is as safe as any other OS. The belief that other OSs are somehow miraculously immune is akin to using the rhythm method as contraception.
6 July 2012 7:56PM
2) Don't use Windows. It's the biggest security risk you can imagine and runs like a dead dog on a hot day. Why anyone with a brain would inflict this on a computer is beyond me.
Why? Because it works. It's not perfect but it is very easy to install and set up. How to do it safely:
Ensure the firewall is enabled. You do NOT need third party firewalls - the Windows one is fine for most users;
DO NOT run it as an administrator;
Enable user account control;
Install, keep updated and use an antivirus program - there are many perfectly good free ones;
Set your browser to autodelete cookies and temporary files at the end of each session;
Use Windows Update - it's only once a month.
Do all that and you won't have a problem. I have been using the web since it was about two years old (1995) and despite using mainly Windows machines (but also Linux and BSD) I have had a virus exactly twice in all those years.
6 July 2012 9:20PM
If you're unsure about whether you're infected because you're using your ISP's DNS servers (and you probably are), go to the properties of your network adapter and set yourself a static IP with different DNS servers.
Examples to use:
8.8.8.8 (Google)
208.67.222.222 (openDNS 1)
208.67.220.220 (openDNS 2)
6 July 2012 9:38PM
I reinstalled Windows and all was well. Perhaps I should have tried this first?
Unfortunately, if you get a rootkit such as this one, the best thing is to back up your data and reinstall your OS from scratch. Normally you will get a recovery DVD with your computer.
Another option is to move over to Linux, e.g. Ubuntu. It is easier to use than Windows, despite what you might have heard. And there is so much amazing free software for it.
6 July 2012 9:47PM
All sensible precautions which will protect you to a reasonable extent. However since the vast majority of virus, malware, trojans, etc target Windows only - switching to an alternative OS (Ubuntu or other Linux variants are as easy to install, set up and use as Windows) is the most sensible precaution one can take.
Admittedly in this particular this, OSX also appears to be a victim so other bsd/linux variants may also be susceptible.
Computers aren't just for geeks these days: children visit various flash-game sites, follow random adverts/links out of idle interest, etc - you're not going to prevent that except by using Squid (or similar) and whitelisting (blocks all sites but the ones you specify). Tedious.
You could protect it to the hilt with antivirus: id-theft protection, family safety centre (wtf?), e-mail scanning, process scanning, auto-update every day, auto filescan once a day, windows firewall running (as well as one on the router)... at the cost of performance.
Or you could filter out 95% of the susceptibility by installing Ubuntu, Mint, or a few other Linux-based distributions which are just as easy to install, maintain, and use (or some more esoteric ones which are more lightweight). And install a more minimal protection.
It won't make the internet any safer - the dodgy content and scam merchants will still be there - but it's a lot safer than what 90% of people do: hand their old, outdated Windows laptop to the child and let them loose on the internet, then wonder why it doesn't work properly 2 weeks later.
6 July 2012 9:57PM
Computers aren't just for geeks these days: children visit various flash-game sites, follow random adverts/links out of idle interest, etc - you're not going to prevent that except by using Squid (or similar) and whitelisting (blocks all sites but the ones you specify). Tedious.
You don't need to do any of that. Windows firewall, decent free anti-virus, don't run as administrator, and delete browser caches at session end - that is simple and will avoid almost all of the problems.
Or you could filter out 95% of the susceptibility by installing Ubuntu, Mint, or a few other Linux-based distributions which are just as easy to install, maintain, and use (or some more esoteric ones which are more lightweight). And install a more minimal protection.
Yes, but...
I've used Linux off and on since kernel 1.2 and I recognise its many strengths, but it has many failings too. Amongst them is hardware support - I'd like to run Linux on my laptop but there is no support for the "special" function keys, the soundcard isn't recognised properly and wireless networking is an absolute f*cking nightmare on many distros & not much better if you compile your own from source (I've done both).
Even if all that works, you do still need antivirus software and you do still need to have a properly configured firewall. The latter is much easier to set up on Windows.
it's a lot safer than what 90% of people do: hand their old, outdated Windows laptop to the child and let them loose on the internet, then wonder why it doesn't work properly 2 weeks later.
There are two computers for every human in my house. One of them is an ancient Windows XP laptop. I can use that old machine perfectly safely, even on the "dodgy" websites - because it is properly configured.
The fault is not with Windows, but with the way people use Windows computers.
6 July 2012 10:02PM
If you're unsure about whether you're infected because you're using your ISP's DNS servers (and you probably are), go to the properties of your network adapter and set yourself a static IP with different DNS servers.
The kind of people who cannot master basic virus protection and computer maintenance are frankly unlikely to be able to manually configure their network adapters, now are they?
6 July 2012 10:27PM
From what I can tell, you don't need a firewall on Linux unless you are running a file server. You don't need to control who can connect to your computer because nothing can connect by default. However you can go to the software store and get a graphic firewall control if you want. The default setting for the firewall is "off" though.
Likewise, I think virus scanners on Linux are mostly just used by people running mail servers. The virus issue on Linux seems nonexistent. By default Administrator is set to off and permission must be given for dangerous actions as well. (Of course if you go around installing dodgy software, anything is possible. But nothing can stop a user from running a rogue program and voluntarily giving it full permissions.)
6 July 2012 10:45PM
From what I can tell, you don't need a firewall on Linux unless you are running a file server.
Any computer connected to the internet should run firewall software. End of. If you think otherwise, FFS don't get a job as a network admin.
You don't need to control who can connect to your computer because nothing can connect by default.
You ALWAYS need to control who can connect to your computer.
However you can go to the software store and get a graphic firewall control if you want.
Or modify your kernel and configure & build the software yourself, which is really the only way to be sure it is secure. You need to see beyond the "click here to secure" mentality that is fine for general purpose client machines but not good enough for servers.
The virus issue on Linux seems nonexistent.
Only because Linux desktop clients are about 1% of the market. They are a large fraction of the server market, though, and those Linux machines are (or should be) locked down and secured with antivirus software, firewalls, alteration monitors, and so on. They're attacked frequently and are depressingly often compromised.
If Linux (or Mac for that matter - MacOS is merely a variation of BSD Unix) grew to say 80% of the desktop market, you can be sure the "virus issue" on those platforms would become massive very quickly.
But nothing can stop a user from running a rogue program and voluntarily giving it full permissions.
Not giving the user root's password will stop a lot of this.
6 July 2012 10:55PM
Unfortunately, if you get a rootkit such as this one, the best thing is to back up your data and reinstall your OS from scratch. Normally you will get a recovery DVD with your computer.
Another option is to move over to Linux, e.g. Ubuntu. It is easier to use than Windows, despite what you might have heard. And there is so much amazing free software for it.
It wasn't a root kit, all tests proved negative, and I just re-installed Windows over the top of the old one. As I didn't reformat the disks any root kit would have remained active?
As for Linux, I have two machines running this for specialised tasks (one as a network media server, another, a cheap Raspberry Pi, just for fun). However, I need to use Photoshop. I object to having to pay Apple's prices for equipment so I use Windows for my main computing. The Gimp is good, but lacks the speed and many features of Photoshop.
If Linux gets more popular, malware will soon start appearing for that platform too. No operating system can be immune to hackers.
This particular malware, although nasty, isn't that serious - it doesn't steal your credit card details, passwords or anything like that, or connect you to a botnet.
All it does is screw up your Google searches (and slow down surfing as the DNS server you get sent to is really crummy).
The authors must get paid just one or two cents of ad revenue whenever you are sent to some crummy site, but I suppose if you can infect millions of machines that is big money.
6 July 2012 11:12PM
I don't think there is any firewall software for the Linux home user. You have a firewall built in, which is turned off by default. If you want you can turn it on and configure it. However this is unnecessary for most people as the OS is not listening to anything it isn't supposed to.
Of course people running a server that might have anything connecting to it (including Windows machines) need to be extremely careful. With just a non-server home user refusing all incoming connections, there is not much need that I can see.
There are loads of Linux machines around, if you count servers. But still viruses are not a big problem. Of course no system is immune, and some viruses work entirely inside applications and it doesn't matter what OS you have, but I am not clear exactly which viruses the home user would be scanning for.
In fact I have not been using Ubuntu very long at all, but these are the conclusions I have come to so far.
6 July 2012 11:18PM
If you're unsure about whether you're infected because you're using your ISP's DNS servers (and you probably are), go to the properties of your network adapter and set yourself a static IP with different DNS servers.
The only way you can get a static IP address is ask your ISP for one.
Most charge extra, and a static IP address will actually make your computer (slightly) more at risk. Hackers love computers left on 24/7 with a static IP address and will target it, as they make excellent spam email servers.
If you have a laptop, changing your router's DNS server settings will make no difference if you use your laptop elsewhere.
You can tell Windows which DNS settings to use, though, and override your router or ISP.
I recommend OpenDNS, (DNS server IP address: 208.67.222.222 and 208.67.220.220): it is free and has so many users that any 'dodgy' sites get reported very quickly (you get warned if you try to access one).
If you have children you can opt in to having 'inappropriate' (porn) site filtering too.
6 July 2012 11:19PM
I think this DNS changing guy is a rootkit. I don't know exactly how the Windows install process works. I guess this one is a dll in a system folder or whatever, that hides itself. If the Windows install just overwrote the files in the folder, and left anything extra untouched, then I suppose a rootkit could survive. If it overwrites the whole folder then it should kill it. But I am no expert.
6 July 2012 11:23PM
There are loads of Linux machines around, if you count servers. But still viruses are not a big problem.
Not a big problem? Really?
Google 'Apache malware'. You will get about 9,340,000 results.
6 July 2012 11:24PM
It wasn't a rootkit.
6 July 2012 11:54PM
Some sites (including PC Magazine) called it one, but looking into it I see you are right. However it was spread by the TDSS rootkit, so it would be worth checking for that. (E.g. TDSSKiller)
7 July 2012 12:06AM
Actually, what you need is the IP address of the FBI's page so that you can access it without going through DNS thus bypassing any possible DNS changing. As far as I can tell, it is 38.68.193.96. If anyone finds out different, please post it here asap.
7 July 2012 12:23AM
There is no DNS changing going on any more. The dodgy DNS servers were replaced by legit ones. But these will be shut down. You can just navigate to the page normally.
7 July 2012 11:31AM
DNS description is backwards. :V
7 July 2012 3:54PM
I don't think there is any firewall software for the Linux home user. You have a firewall built in, which is turned off by default. If you want you can turn it on and configure it. However this is unnecessary for most people as the OS is not listening to anything it isn't supposed to.
It's called iptables and in most distros it is normally set to reject ALL traffic by default. You have to manually allow traffic if you need to. Make sure it IS enabled before you connect to the world else you're as vulnerable as any Windoze machine.
7 July 2012 5:31PM
Local static IP dude, not one facing the internet directly.
7 July 2012 7:01PM
switching to an alternative OS (Ubuntu or other Linux variants are as easy to install, set up and use as Windows) is the most sensible precaution one can take.
Sure, if you want to use rubbish applications.
Admittedly in this particular this, OSX also appears to be a victim so other bsd/linux variants may also be susceptible.
Right. So that would be your bullshit argument destroyed then.
8 July 2012 8:50AM
Why does everything have to be referenced to the US?
Too lazy to dig up numbers for the UK or Europe?
Or easier to rewrite a story without getting out of your chair. You are as bad as Charles Arthur.
8 July 2012 8:15PM
Once they gained control of computers' DNS they were able to control what sites the computer connects to, interfere with web browsing and make computers vulnerable to other malicious software. This is what tens of thousands of computers in the US are dealing with now.
Suspicions before they click the 'test link' should be rather obvious then.
8 July 2012 8:35PM
From what I can tell, you don't need a firewall on Linux unless you are running a file server.
Erm... Yes you do! The ones on routers are pathetic. Are you really telling me that you openly suggest to people not to use a firewall!?!
The virus issue on Linux seems nonexistent
Because they are normally used as servers which are, believe it or not, locked down with firewalls.
8 July 2012 9:30PM
hmmm.... rubbish applications? No: 'open' applications which sometimes work better than paid for and locked down software.
And sometimes they don't.
The same as some paid for applications are great and some are awful.
Please don't paint open source with such a wide brush sir.
I am currently using a netbook with windows starter 7 for net browsing, with my linux server upstairs happily chugging away and streaming media and my partner is using the better laptop also running linux to conference call with some people.
Everything has its uses, I would say from experience that Linux is more flexible and safer than Windows but Windows is easier for non-tech people to dive in and use. Both OSs have great applications and also some awful ones (Word for example....eurgh...)
9 July 2012 3:49AM
I have read a lot about this virus in the last four months in the New York Times, Forbes, Sydney Morning Herald (Australia) but find this article very helpful with the diagnosis links (tools). Most other global newspapers only talked about a problem but didn't present a solution or something that would go towards helping eke out a solution such as a diagnosis in the first place.
Let alone the online corporate media such as Google and Facebook don't have this impending catastrophe talked about enough on their digital properties or offer any first steps/solutions. Yet people flock to their sites stripping off revenue from traditional newspapers that spend money to come up with trusted, reliable, relevant, helpful information.
Well done Guardian Journalists for great investigative journalism.
Comments on this page are now closed.
An estimated 45,600 Americans could lose internet access on Monday if the DNSChanger malware is not removed