The Inquirer-Home

Google warns users over DNSchanger malware

Half a million might be infected
Wed May 23 2012, 15:26
Google is warning users about the DNSChanger malware

INTERNET SERVICES FIRM Google has started warning its users that they might be infected with a piece of malware that could cause them to lose their internet connections.

The firm said that it would notify half a million people that they might be infected with the malware known as DNSchanger, adding that the campaign follows a successful one carried out last year.

Infected Google users will be alerted by a message at the top of their search results pages said Google security engineer Damien Menscher.

"The DNSChanger malware modifies DNS settings to use malicious servers that point users to fake sites and other harmful locations," he said. "DNSChanger attempts to modify the settings on home routers as well, meaning other computers and mobile devices may also be affected."

This is not the first time that a cleanup has been attempted, and Menscher said that those responsible for running the malware were arrested last year. Since then, he said, ISPs and the Internet Systems Consortium have also joined the efforts. However, so far they have had little success.

"Many of these campaigns have had limited success because they could not target the affected users, or did not appear in the user's preferred language (only half the affected users speak English as their primary language)," he added.

"At the current disinfection rate hundreds of thousands of devices will still be infected when the court order expires on July 9th and the replacement DNS servers are shut down. At that time, any remaining infected machines may experience slowdowns or completely lose Internet access."

The half a million users are expected to be notified within a week, but Google might not find everyone who is infected.

"While we expect to notify over 500,000 users within a week, we realise we won't reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can't guarantee that our recommendations will always clean infected devices completely," added Menscher.

"Some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it."

The FBI is also continuing cleanup efforts and is offering computer users the chance to test their system for infection. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?