There has been a lot of buzz this week about the DNSChanger malware, so I wanted to take a minute to summarize it for my friends and family.
If you're curious about what this is and why it is so important, read this section.
What's important to note is that DNSChanger is a type of malware. It's been generalized in all the discussion, but there are a number of variants out there. For instance, the group whose arrest led to all this commotion was distributing a number of variants: the TDSS, Alureon, TidServ, and TDL4 viruses.
As for some history, back on November 8th, 2011, the FBI and Estonian police arrested a number of cyber criminals in an effort titled Operation Ghost Click. The challenge was that the cybercriminals had put in place a number of their own DNS servers. For those not familiar, DNS servers are what allow you to interact on the internet. They are, for lack of a better word, your gateway to the interwebs. This was important because once they were able to infect your local computer with the virus, it would make its way to your router and modify your local DNS settings. This would then point your machine to one of the malicious DNS servers. To you, it was probably unnoticeable: you'd still visit your webmail and your favorite social networking sites (e.g., Facebook, G+, etc…), but from time to time you'd find yourself on pages selling you things you weren't looking for. This was done because they would make money on the click-throughs, and in this little effort they made something in the neighborhood of $14 million.
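The practical check that follows from the above is whether the resolvers a machine is configured to use fall inside the rogue ranges that the takedown identified. Below is an added example (my own code, not from the original post or any cleanup tool) that parses a resolv.conf-style configuration and flags resolvers inside a list of rogue networks; the ranges and the sample configuration are constructed placeholders, since this page does not list the real ones.

```python
import ipaddress
import re

# Placeholder: the rogue resolver ranges from the takedown are not on this
# page, so these are constructed TEST-NET values. Substitute the published list.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample of a resolver configuration on a tampered-with host:
# one resolver points into a "rogue" range, the other is the home router.
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client
search home.lan
nameserver 198.51.100.23
nameserver 192.168.1.1
"""


def parse_nameservers(text):
    """Return the resolver addresses named in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        match = re.match(r"nameserver\s+(\S+)$", line)
        if not match:
            continue
        try:
            servers.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # skip malformed entries rather than crash on them
    return servers


def find_rogue_resolvers(text, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return, as strings, the configured resolvers inside a rogue range."""
    return [str(server) for server in parse_nameservers(text)
            if any(server in net for net in rogue_ranges)]


if __name__ == "__main__":
    hits = find_rogue_resolvers(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", hits or "none")
```

Because the malware also alters the router, a host may only show the router's own LAN address as its resolver; the router's upstream DNS settings need the same comparison.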