There is less than a month to go until computers that have been infected with the DNSChanger malware will have trouble accessing websites and other internet services.
The Australian Communications and Media Authority (ACMA) has urged Australians to get their computer checked before 9 July, when a temporary fix for infected computers implemented by the Internet Systems Consortium will expire. DNSChanger altered computers' Domain Name System server settings, allowing the rerouting of traffic in the process of translating a domain name to an IP address.
The group behind DNSChanger was arrested in November by the FBI and Estonian police. The interim fix was implemented to ensure that computers with DNS settings altered by DNSChanger could still access the internet.
According to ACMA, an estimated 7500 Australian internet users are still either infected with DNSChanger or using the rogue settings installed by the malware. In March, the organisation reported that up to 10,000 Australians had devices infected with the malware.
ACMA e-Security operations manager, Bruce Matthews, told Computerworld Australia that even if users had removed DNSChanger, it was possible their computer was still using malware-altered settings.
“We suspect the reason why the rogue settings are still being used is because many Australians haven’t checked whether or not they are infected with DNSChanger,” he said.
Information on how to check DNS settings can be accessed on dns-ok.gov.au.
“It is important that after actions have been taken to remove DNSChanger that users revisit the diagnostic website to check whether they remain affected by this malware,” Matthews said.
To avoid re-infection in the future, he provided the following tips for users.
- Install and update security software and set it to scan regularly.
- Turn on automatic updates for all software.
- Use strong passwords and different passwords for different uses.
- Stop and think before clicking on links and attachments.
Matthews added that the most important lesson from DNSChanger was taking adequate steps to protect computing devices from malware.
“The worldwide pervasiveness of the DNSChanger malware and the recent Flashback malware affecting Mac OS X-based computers demonstrates the importance of taking preventative steps to minimise the likelihood and impact of malware infections,” he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU