The Department of Homeland Security is the latest agency to appeal to U.S. consumers to check their computers for signs of DNSChanger malware before they are knocked offline in a couple of months.
Rand Beers, undersecretary for the National Protection and Programs Directorate, implored users to test their home and office computers for the trojan, which infected more than 4 million machines in 100 countries before law enforcement officials took down the sophisticated fraud ring. As part of “Operation Ghost Click,” authorities took command of implicated DNS servers and redirected compromised computers to surrogate servers. Those servers now must be taken down July 9 by court order. At that time, any machine still tethered to the temporary servers will be forced offline.
“I encourage everyone to keep your operating system, browser, and other critical software optimized by installing updates,” Beers wrote in a blog post on the DHS Web site. “And, you can assess your own computer’s susceptibility for the DNSChanger malware at the industry-wide DNSChanger Working Group website. In fact, I just tested my computer at home – the process was simple, straight-forward, and only took a few minutes.”
As of last month, 84,000 U.S. computers were still tied to the “clean” servers put up for the FBI by the Internet Systems Consortium. The number worldwide is around 350,000. A Kindsight Security Lab malware report released today for Q1 ranked DNSChanger as the most prevalent high-level infection with 1 in 400 households still infected.
Federal officials this spring began recommending people scan their machines with a number of free tools, including one widely publicized scanner on the Working Group’s web site. But a security expert cautioned that it can cause confusion because of inconsistent findings. One suggested solution is to download AV software that scans for DNSChanger, rather than rely solely on one of the sites on the FBI’s Check-up List.
Some also say more education (and assistance) is needed to help consumers remove the malware and reconfigure their machines to use their ISP’s DNS servers.
In the meantime, DHS’s Beers is asking everyone to help spread the word to reduce the number of machines still carrying the troublesome trojan. “DHS is committed to ensuring cyberspace supports a secure and resilient infrastructure, enables innovation and prosperity, and protects privacy and other civil liberties by design, but we need everyone, including our industry partners and the general public to do their part.”