You must have heard already about the already “famous” malware DNSChanger which manipulates the DNS settings of the computer in order to silently direct the users to malicious websites.
FBI and others took action against this malware and in November 2011 have managed to break the botnet. According to FBI, more than 4 million computers were affected world wide. The thieves manipulated DNS entries in order to block antivirus programs and the operating systems to update delivering this way even more malware on users’ computers. The DNSChanger malware was used also to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising. When FBI shut down the botnet, they also replace the servers which were directing to malicious domains with valid DNS servers.
So, if the botnet is shut down why all this trouble?
FBI will deactivate those new valid DNS servers on March 8, 2012.
If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by FBI, after March 8, it will no longer be able to make any DNS requests through these servers. In layman’s terms, you will no longer be able to browse the web, read emails and do everything you usually do on Internet. So, it is mandatory that the DNS settings of the computer are restored to their original state.
With the Avira DNS-Repair tool released (press release in German only) on Friday, January 20, you can revert to the default settings of Windows only with a few clicks.
Avira cooperated also with the German Federal Office for Information Security (BSI) and published the tool also on the special website created to check if the DNS requests are made to the right places: www.DNS-OK.de. Note that on this website you see the link to the Avira DNS-Repair-Tool only if it is detected that your system is affected by the malware.