DNSChanger: Temporary servers to shut down on July 9th, infected machines to lose Internet access

According to recent reports, 330,000 machines all over the world are still infected with the DNSChanger malware.
Machines infected with this malware beyond July 9th will be unable to access the Internet. Quick Heal users need not worry though, as they are protected against this threat. The malware signature is detected by Quick Heal and then removed from the system.

The History behind the problem
In November 2011 the FBI shut down around 100 malicious servers (known as the ‘Operation Ghost Click’ takedown) that were spreading the DNSChanger trojan. The DNS (Domain Name System) network converts URLs like ‘www.quickheal.com’ into IP addresses and directs people to their destinations. By altering this setting on infected machines, the DNSChanger malware redirected users to fake websites. These fake websites could phish for information, make users click on ads and perform other malicious activities. It is estimated that around 4 million machines were infected.

Shutting down all the malicious servers together would have caused all infected machines to lose access to the web immediately. So the FBI gave people some time to apply security patches and rid their machines of the trojan. In the meantime, the Internet Systems Consortium (ISC) continued to run a few of the servers as legitimate servers. But this was a temporary solution and the original deadline for shutting down these servers was set for March 8th. This deadline was then extended to July 9th, which is just a few weeks away now. There are still around 330,000 machines that are still infected though, and come July 9th these machines will lose access to the Internet as the temporary servers will be shut down.

Recently, Google also took it upon themselves to inform people if their machines are infected. Their claims that their company is synonymous with the web implored them to take action. Google now displays a message stating “Your machine appears to be infected” whenever someone carries out a Google search from a machine infected with DNSChanger.

How Quick Heal helps you stay safe
Quick Heal protects its customers from this threat. It detects the DNSChanger malware as Trojan.DnsChanger.Gen. We have known about this malware for a while, so our customers are safe. Nevertheless, we strongly suggest that users apply the latest security patches and keep their product updated.

Users who wish to ensure that their machine is not infected can refer to this post on Internet stoppage and check their DNS server IP. They can also use a free DNSChanger detection tool which can be found in this Quick Heal post.

Sanjay Katkar

Sanjay Katkar


Your email address will not be published.


  1. Avatar Niranjan Reddy Cyber Crime expert Pune PoliceJuly 7, 2012 at 3:00 PM

    Another, and oftentimes overlooked, aspect of the DNS Changer Malware package is that disables anti-virus applications and application software updates. That makes single users to corporate/government enterprises more susceptible to compromise, attack and lose of intellectual property.

  2. Avatar piyush raysoniJuly 8, 2012 at 8:44 AM

    when do we use the internet pls tell as

  3. Avatar Saptarshi Kumar NandiJuly 10, 2012 at 4:45 PM

    My Quick Heal can not download the updated version from 28th june. It shows me that it can not find the update. What I have to do?