Google warns DNSChanger victims
Google has begun warning visitors to its search engine if they are infected with the DNSChanger malware, and providing them with a link to disinfection instructions.
When DNSChanger infects a system, it switches the DNS server for another one that, for a while, intentionally answered the user's DNS queries with incorrect IP addresses. When users tried to navigate to particular sites, those addresses were used to bring up manipulated versions in which the advertisements had been replaced.
The FBI has now seized control of the malicious DNS servers, but countless computers are still infected with the malware. Google estimates that it will have to warn more than 500,000 infected users over the course of a week, but doesn't say how it came up with that figure.
These users still have access to the internet because the servers controlled by the FBI now return the correct IPs, but the agency plans to stop operating the servers on 9 July, when the court order expires. Anyone who has not realised that their system is infected and changed the DNS server by then will no longer be able to access the internet.
Google's plan makes sense, since the search engine is one of the most popular web sites, making it highly likely that a majority of the affected users will visit it by 9 July. Previously, users who wanted to check whether their system was using one of the DNSChanger servers had to be proactive and conduct an online check, for example at dnschanger.eu, which also includes disinfection instructions.