DNS Changer Malware Advisory: Read and Heed Before July 9, 2012

Sure safe your computers from this malware attack with a simple check

Tattoo is advising its subscribers to immediately check their computers for possible vulnerability to, or infection of a vicious malware (malicious software) that could ultimately lead them to lose Internet access on Monday, July 9, GMT 4:01.

Reports from the US’ Federal Bureau of investigation indicate that the malware, known as the DNS Changer malware, was designed to cause infected computers of unsuspecting Internet users to redirect to bogus websites or interfere with the users’ web browsing. This process allowed the hackers responsible for the malware to gain access to personal information including passwords.

Although US authorities have apprehended the suspects and have replaced infected servers with legitimate ones that would minimize the previous ones’ harmful effects.

However these replacement servers are set to lose Internet access on Monday, July 9 at GMT 4:01, causing infected computers running on these servers to lose Internet access. It would also isolate these computers from further infecting other users.

Furthermore, it was revealed that about 250,000 computers running on either Mac or Windows operating systems are already infected with this malware, and more computers worldwide are expected to be affected.

Are your computers infected?

Find out here if your computer has been infected with DNSChanger. This website checks your computer settings to see if it’s infected with DNSChanger.

If your computer is infected, the malware must be removed by July 9, 2012, in order to avoid disruption on Internet service.

If you're not able to complete this simple check, you can also check your computers manually with this easy step by step guide:

MANUAL CHECKS AND FIXES

MANUAL CHECKING/DETECTION

Windows

1. Click Start

2. Open the Command Window

  • (For Windows 7) Type cmd at the search bar
  • (For Windows XP) Click Run, then type cmd at the bar

3. Type ipconfig /all

4. Search for the DNS Servers section

Mac OS X

1. Click the Apple icon an the top left of the screen

2. Select System Preferences

3. Locate the “Network” icon

4. Read the “DNS Server” line

Ensure that the DNS Servers are not within the following range of Internet Protocols (IPs):

  • 85.255.112.0 through 85.255.127.255
  • 67.210.0.0 through 67.210.15.255
  • 93.188.160.0 through 93.188.167.255
  • 77.67.83.0 through 77.67.83.255
  • 213.109.64.0 through 213.109.79.255
  • 64.28.176.0 through 64.28.191.255

If the DNSChanger is detected, users may then use any of the following software to clean the infection:

  • Hitman Pro (32bit and 64bit versions)
  • Kaspersky Labs TDSSKiller
  • McAfee Stinger
  • Microsoft Windows Defender Offline
  • Microsoft Safety Scanner
  • Norton Power Eraser
  • Trend Micro Housecall
  • MacScan
  • Avira’s DNS Repair-Tool

Alternatively, subscribers may also visit the following sites to their system checked automatically

  • http://www.dns-ok.us/
  • http://dnschanger.detect.my

Fixing DNS Server Settings (Manual)

As network configurations depend on local policies and infrastructure, it’s impossible for us to guess or recommend setting specific to your policies. However, as a recommendation for those impacted by such an attack, McAfee recommends notifying your network administrator (or network provider) who may assist you in resolving your issue and that of others in your network who may have been impacted.

Most organizations have a managed network capable of providing DNS Setting via a DHCP. If you are connected to a corporate network or ISP who may allow Automatic DNS Settings, please use the following steps to reset your configuration.

1. Backup your network settings.

2. Use the registry editor to take a backup of the registry information under:

• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP

Run ncpa.cpl from the by clicking (Start R) as follows (It will open the Network Connections window):

3. Hit “OK”. This will bring up “Network connections”. Right-click in your active network connection. That may be Local Area Connection or Wireless Network Connection depending on whether you’re using a cabled or wireless network. Select Properties.

4. Select “Obtain DNS Server Address Automatically”

Read FAQs here

Find out more about the DNS Changer Malware and Operation Ghost.