Back to Main Page
Your computer then uses this IP address to connect to the website you are looking for. The DNS servers you use are usually operated by your Internet Service Provider (ISP) and form part of the network which connects your computer to the internet.
Without the DNS and DNS servers, you would not be able to access websites, send e-mail, or use many other internet services.
Criminals have learned that if they can control DNS servers, they can control which sites a user connects to on the internet. By controlling a user's DNS, a criminal can cause an internet user to unknowingly access fraudulent or malicious content, or otherwise interfere with a user's web browsing.
One way criminals do this is by infecting computers with a type of malicious software (malware) called DNSChanger. The DNSChanger malware replaces a user's DNS settings with settings that connect to 'rogue' DNS servers.
In November 2011, the FBI closed down a ring of cyber criminals who are believed to have been responsible for the worldwide spread of DNSChanger. An estimated four million users were affected worldwide. The FBI worked with the Internet Systems Consortium (ISC) to set up and operate a correct, temporary DNS solution so that these users would not lose their internet access when the malicious DNS servers were taken down.
This temporary DNS solution gives users infected with DNSChanger the opportunity to remove the infection before the temporary solution was switched off on 9 July 2012. As a consequence, most users affected by DNSChanger after this date are unable to access internet services.
This means that all the computers on your network can be affected by DNSChanger, even if they are not directly infected with the malware.
instructions (PDF) for checking the DNS settings on a range of operating systems and some basic instructions, primarily for users of Microsoft Windows, are also provided in Removing DNSChanger and restoring correct Domain Name System settings.
You may also wish to seek advice from a computer professional to assist you in diagnosing and removing DNSChanger.
A list of the DNS settings associated with the rogue DNS servers is provided below - if a computer is using one or more of these settings, it is very likely to be affected by DNSChanger.
If your router is still using the default username and password provided by the manufacturer you should check its DNS settings, as DNSChanger may have changed these settings. The instructions for changing the DNS settings will vary by manufacturer, so you should read the instructions for your particular router.
You should compare your router's DNS settings to the 'rogue' DNS server settings provided above. If your router is using one or more of these settings, a computer on your network may be infected with DNSChanger.
This is an incomplete list of tools and resources that may help with DNSChanger detection and removal:
- Avira DNS Repair Tool
- Kaspersky TDSSKiller
- McAfee Stinger
- Microsoft Safety Scanner
- Microsoft Windows Defender Offline
- SecureMac's dnschanger.com
- SurfRight Hitman Pro
- Symantec Power Eraser
- Trend Micro HouseCall
This DNSChanger Diagnositic is a joint Australian Government initiative between: