It’s pretty unlikely that your computer is among the 277,000 worldwide still affected by the DNSchanger malware (63,000 of them in the US, per the FBI and CIO Daily), but just in case you find yourself mysteriously knocked offline Monday morning, here’s why.
From 2007 until the law knocked on their door in early 2011, an Estonian hacker ring maintained a scam system where infected computers had their DNS settings changed to point to compromised, rogue servers controlled by the criminals. Over the course of their activity, about four million computers were affected worldwide; AV software and system updates cleared most of the malware, but not all of it.
The good news is that these particular bad dudes are now in jail. The bad news is that for the infected computers that were pointing at the rogue DNS servers, simply taking the servers offline would have in turn left the client computers unable to look up any site by name, effectively knocking them offline. To prevent this, the FBI and other law enforcement took over the IP addresses for the rogue servers and have been running legitimate, well-behaved DNS servers there ever since.
All good things must end, however, and the FBI isn’t going to bear the costs of running those boxes any longer; they’re getting turned off tomorrow. You can check your machine using McAfee’s free online DNSchanger check, or use Macfixit’s rundown to confirm that you’re not pointed at the bogus DNS servers. Either way, you can use this opportunity to verify that you’re using the optimal DNS settings for your network — most likely your ISP’s recommended settings, or nationwide DNS providers such as Google (8.8.8.8) or OpenDNS (208.67.222.222).
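If you'd rather script the check than click through it, here is an added example (not from the original post or from any of the tools it mentions) that pulls the resolver addresses out of `/etc/resolv.conf`-style text or macOS `scutil --dns` output and classifies each one. The ranges in `ROGUE_RANGES` are labelled placeholders from the RFC 5737 documentation networks, not the real DNSchanger ranges, and the sample inputs are constructed.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real rogue
# ranges: substitute the ranges published by law enforcement before relying on it.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Matches "nameserver 10.0.0.1" (resolv.conf) and
# "nameserver[0] : 10.0.0.1" (macOS `scutil --dns`); commented lines do not match.
NAMESERVER_RE = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)", re.MULTILINE)

# Constructed sample inputs.
SAMPLE_RESOLV = "# constructed sample\nnameserver 192.0.2.53\nnameserver 10.0.0.1\n"
SAMPLE_SCUTIL = "resolver #1\n  nameserver[0] : 198.51.100.7\n  nameserver[1] : 8.8.8.8\n"


def extract_resolvers(config_text):
    """Return the unique resolver addresses found in the text, in order."""
    resolvers = []
    for token in NAMESERVER_RE.findall(config_text):
        try:
            addr = ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # not an IP literal, ignore it
        if addr not in resolvers:
            resolvers.append(addr)
    return resolvers


def audit_resolvers(config_text, expected=()):
    """Classify each configured resolver as 'rogue', 'expected' or 'unknown'."""
    expected = {ipaddress.ip_address(e) for e in expected}
    report = {}
    for addr in extract_resolvers(config_text):
        if any(addr.version == net.version and addr in net for net in ROGUE_RANGES):
            report[str(addr)] = "rogue"      # inside a listed rogue range
        elif addr in expected:
            report[str(addr)] = "expected"   # a resolver you chose yourself
        else:
            report[str(addr)] = "unknown"    # not rogue, but worth a second look
    return report


if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV), ("scutil --dns", SAMPLE_SCUTIL)):
        print(name, audit_resolvers(text, expected=["10.0.0.1"]))
```

On a real machine, pass in the contents of `/etc/resolv.conf` or the output of `scutil --dns`, and list your router or ISP resolvers in `expected` so that anything unfamiliar stands out.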
DNSchanger standby servers will go dark Monday 7/9 originally appeared on TUAW – The Unofficial Apple Weblog on Sun, 08 Jul 2012 16:45:00 EST.