Google warns DNSChanger victims via search results

Google warns DNSChanger victims via search results

Summary: Google is warning around half a million users that their computers or routers are infected with the notorious DNSChanger clickjacking malware.The company said on Tuesday that it was notifying the infected on their search results pages, much as it did last July for a separate piece of malicious code.

SHARE:
TOPICS: Telcos
0

Google is warning around half a million users that their computers or routers are infected with the notorious DNSChanger clickjacking malware.

The company said on Tuesday that it was notifying the infected on their search results pages, much as it did last July for a separate piece of malicious code.

"The DNSChanger malware modifies DNS settings to use malicious servers that point users to fake sites and other harmful locations. DNSChanger attempts to modify the settings on home routers as well, meaning other computers and mobile devices may also be affected," Google security engineer Damian Menscher wrote in a blog post.

DNSChanger, which downloads onto victims' computers when they click on fake online ads and videos, has been around for years.

Last November US authorities revealed the existence of a four-million-strong botnet that had been created by cybercriminals using the tool.

"Since the FBI and Estonian law enforcement arrested a group of people and transferred control of the rogue DNS servers to the Internet Systems Consortium in November 2011, various ISPs and other groups have attempted to alert victims," Menscher wrote.

Menscher said that these awareness campaigns had only "had limited success" in the many cases where the victims did not speak English, or could not be located by the authorities. He said that, at the current disinfection rate, "hundreds of thousands of devices will still be infected when the court order expires on July 9th and the replacement DNS servers are shut down."

"At that time, any remaining infected machines may experience slowdowns or completely lose Internet access," he wrote. "We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results."

"While we expect to notify over 500,000 users within a week, we realise we won't reach every affected user," Menscher added. "Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can't guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help."

Topic: Telcos

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion