Last November, the FBI arrested six Estonian nationals who were charged with using malware and rogue DNS servers to hijack millions of computers worldwide.
"A variety of methods of monetizing the DNSChanger botnet [are] being used by criminals, including replacing advertisements on websites that are loaded by victims, hijacking of search results and pushing additional malware," said Trend Micro's Feike Hacquebord, one of several who worked with the FBI on the takedown.
Because the malware is strong enough to wipe out a computer's anti-virus software, the FBI set up a safety net using government computers to prevent any Internet disruptions for users whose computers may be infected.
"To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time," the FBI says.
Users should make sure their computer is clean. They can do that first by visiting this FBI-backed website, DNS-OK, which will tell them whether their computer is infected with DNSChanger malware.
Still, the bureau notes, some systems that appear to be clean may appear that way because of their service provider: "If your ISP is redirecting DNS traffic for its customers, you would have reached this site even though you are infected."
So the next step for users is to go to this site, run by the DNS Changer Working Group. The DNS Changer Working Group will detect whether a computer has been "violated," and if so, will point users to the right fix for their computer.
The warnings about the Internet problem have also been splashed across Facebook and Google.