As we said about a month ago, the shutdown of the DNS servers that still serve victims of the Esthost/Rove Digital cybercrime gang is imminent. Given the time that has passed since the original arrests, you’d think that this wouldn’t be a problem anymore. However, according to the DNS Changer Working Group, more than 300,000 users are still infected with DNS Changer malware, all of whom will lose Internet access once the clean servers are turned off for good this Monday.
Let’s take a step back and remember why DNS changer malware is still a significant problem today. DNS changer malware replaces the DNS servers the user has chosen with malicious servers under the control of the attacker, allowing any and all of the user’s Internet access to be hijacked.
DNS changer malware was the primary tool of the Esthost/Rove Digital gang; when the gang was taken down in late 2011, we believed a total of 4 million users were affected. The gang primarily used the malware to carry out clickfraud, which involved redirecting sites and searches so that the syndicate were able to defraud search providers and advertisers.
As part of the FBI operation, the gang’s DNS servers were replaced by clean servers for the benefit of these users (who would otherwise have instantly lost Internet access without warning). These clean servers will be turned off on July 9.
For complete information about DNS Changer, such as how to find out if you’re infected, what to do if you are, and the secrets behind the Esthost/Rove Digital gang, visit our DNS Changer portal by clicking the banner below: