DNSChanger Diagnostic

Your system does not appear to be affected by the DNSChanger malware.

What is DNSChanger?

DNSChanger is a class of malicious software (malware) that changes a user's Domain Name System (DNS) settings, enabling criminals to direct unsuspecting internet users to fraudulent websites and otherwise interfere with access to internet services. It has been associated with 'click fraud', the installation of additional malware and other malicious activities.

In November 2011, the FBI closed down a ring of cyber-criminals believed to be responsible for the worldwide spread of DNSChanger.

An estimated four million users were affected worldwide. To avoid these victims losing access to internet services, the FBI worked with the Internet Systems Consortium (ISC) to set up and operate a temporary but correct DNS solution, while giving ISPs the opportunity to assist their customers to remove their potential infection.

Note for Telstra customers

Telstra has established a temporary network solution to ensure that Telstra customers who are affected by DNSChanger will continue to be able to browse the internet after 9 July 2012. Further advice from Telstra on DNSChanger is available at www.telstra.com.au/protection

Telstra has configured its network so that in almost all cases if you are affected by DNSChanger and visit this website, dns-ok.gov.au, after 2pm AEST 9 July you will receive a red 'You appear to be affected by DNSChanger' diagnosis. So the fact you have landed on this green 'You do not appear to be affected by DNSChanger' webpage means you are very unlikely to be affected by DNSChanger.

A note about potential 'false negatives'

It is possible that your network administrator or internet service provider (ISP) is transparently rerouting or otherwise modifying your DNS traffic. This action may have been taken to negate the effects of DNSChanger, through providing you with an ongoing ability to access the internet after 9 July 2012. (The ACMA is not aware of any Australian ISPs other than Telstra undertaking this action - see note above for how this redirection affects Telstra customers.)

In such cases it is possible that one or more of your computing devices are infected by DNSChanger but this website provides you with a green 'You do not appear to be affected by DNSChanger' diagnosis.

If your DNS is being rerouted or modified, it is still possible to perform a manual check of whether your computing device remains affected by DNSChanger, and is still using the 'rogue' DNS settings installed by this malware. For more information on how to do this, refer to the FBI DNSChanger document (PDF) below and also the General information about DNSChanger on this website.

Advice for internet users still affected by DNSChanger after 9 July 2012

A basic document providing advice on Removing DNSChanger and restoring correct Domain Name System settings has been prepared to assist internet users affected by DNSChanger. It has been prepared for those internet users affected by DNSChanger after 9 July, when the ISC temporary DNS servers are no longer operational to enable online remediation assistance.

If you are affected by DNSChanger we recommend that you print out or save this document to your personal storage device so that it will be accessible without internet connectivity. You may also wish to print out or save the more detailed FBI DNSChanger document (PDF) to assist you regain access to internet services.

More information

• General information about DNSChanger
  

External Links

• FBI DNSChanger document (PDF)
  
• FBI DNSChanger arrests
  
• DNS Changer Working Group

---

This DNSChanger Diagnositic is a joint Australian Government initiative between:

• Australian Communications and Media Authority
• CERT Australia
• Stay Smart Online