Google recently began notifying users whose computers or routers are infected with the DNSChanger malware, by placing a warning message at the top of the Google search results page.
"Our goal with this notification is to raise awareness of DNSChanger among affected users," Google security engineer Damian Menscher wrote in a blog post. "We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user."
"In November of last year the United States FBI -- in cooperation with Estonian law enforcement -- tracked down and arrested the group behind the DNSChanger malware," writes PCWorld's Charles Ripley. "With millions of infected systems around the world relying on the malicious DNSChanger DNS servers, the FBI chose to continue hosting them as legitimate DNS servers. However, the FBI isn’t in the business of acting as an Internet Service Provider or DNS host, so as of July 9 the DNSChanger servers will be shut down. There are an estimated 500,000 systems still using those servers for DNS, and those PCs will no longer be able to reach the Web once the FBI pulls the plug."
"DNSChanger may no longer be hijacking search results, but the malware still carries secondary threats and risks," notes Krebs on Security's Brian Krebs. "It was frequently bundled with other nasty software, and consequently machines sickened with DNSChanger also probably host other malware infestations. Additionally, DNSChanger disables antivirus protection on host machines, further exposing them to online threats. To address these concerns, Google is steering users of infected systems to a set of instructions that include steps to eradicate DNSChanger and to third-party cleanup tools that may help scrub infections from other malware."
"[If] you want to be proactive and see if your computer is one of those which might be affected on July 9th, you can check via the DNS Changer Working Group website (DCWG)," advises Sophos' Graham Cluley. "The FBI also has a look-up form on its own site."