27th June 2012: DNSChanger malware

How to identify and remove it

The DNSChanger malware was first detected in 2007. A computer infected with DNSChanger malware will have its DNS settings modified by the malware so the computer is redirected via rogue DNS servers to various fraudulent websites and made vulnerable to other malicious software.

The FBI has already seized the rogue DNS servers, replacing them with non-malicious DNS servers; however those DNS servers will be closed on 9th July 2012.

Should your computer be infected with DNSChanger malware, after 9th July it will try to access DNS servers that do not exist and this may result in an inability to view Web sites, send and receive email, etc.

Please visit this JPCERT Web page for how to identify and remove DNSChanger malware:

>> Infections by Malware which Rewrites DNS Settings (DNSChanger)