As if the 4 million PCs infected by malware created by Russian and Estonian hackers were not enough, another 300,000 plus computers are still declared infected by the botnet called DNSChanger. These over a quarter-million PCs are still harboring the malware and awaiting patch. The team of hackers responsible for the malware was already broken up by the FBI way back November 2011 but the remaining infected machines continue to thrive. Even though a fix was already provided to the general public for free, a large number of users of these machines are either not aware of the issue, or simply just plain lazy to get the patch.
The botnet worked by taking control of the machines and changing their DNS settings so that they would connect to rogue DNS servers hosting web advertisements. A user’s click on advertisements would then reroute to alternative sites which would serve ads of companies that paid the hackers for clicks. After the malware was discovered, the FBI shut down the rogue DNS servers central to the operation of the ring. Then the US District Court for the Southern District of New York decided to appoint replacement DNS servers so affected machines will not lose Internet connection before the botnet could be removed and their DNS settings fixed. A non-profit organization called Internet Systems Consortium was the appointed DNS servers and the FBI offered tools for users to diagnose and remove the botnet from machines.
Still, estimates put the remaining infected machines around the world at over 300,000 as of today. The Internet Systems Consortium would cease hosting the temporary DNS servers on July 9. Machines which are infected by the botnet would be unable to resolve domain names for websites and emails when these servers will be disconnected. They will be unable to connect to the Internet at all after the FBI will sever the services of the DNS servers on July 9.
If you have not checked your computer yet, visit this site for a fix right away.