[Masthead] Fair ~ 64°F  
High: 89°F ~ Low: 66°F
Tuesday, May 31, 2016

Warning: Your computer could be infected

Wednesday, April 25, 2012

Computer virus and malware warnings have become sadly common in this day and age, but Steve Mallard at Tennessee Technology Center at Shelbyville suggested that one of the more recent ones was a significant enough threat that I ought to pass something along to you about it. Steve knows what he's talking about, so when he's concerned about something I pay attention.

I've explained DNS -- Domain Name System -- in this space before. Basically, every Internet address -- whether it's the address of a specific web page, an e-mail address or what have you -- is expressed in a series of numbers. There could be four or six numbers, separated by periods.

When you type a text-based address, let's say http://www.t-g.com, into your browser or click something to which a text-based address has been hyperlinked, your computer reaches out to a DNS server located somewhere out on the Internet. The DNS server works like a telephone book, looking up the numbers which correspond to the name.

Most people use a DNS server belonging to their Internet provider -- the cable company, the phone company or whomever. Unless you've deliberately made changes to your DNS settings, that probably includes you.

Some people specifically tweak their settings to use an independent DNS server, such as OpenDNS or Google Public DNS, instead of their ISP's server. These independent DNS servers claim to be faster and less subject to outages, or to provide more options for blocking offensive websites.

Anyway, one piece of malware making the rounds in recent months is called DNS Changer, because it goes into your computer's settings and changes your preferred DNS server from whatever it's set to now (whether your Internet provider or a third-party DNS provider) to its own, malicious DNS server. That server would then show you advertising websites instead of whatever sites you were trying to reach. It's as if someone stole your telephone book and replaced it with a fake telephone book where every listing has the same number -- the number of some con artist.

The FBI found out about this malicious software and has taken over the DNS addresses to which it redirects people. For the moment, it is routing that traffic to legitimate DNS servers it has installed. So if you were infected with the DNS Changer virus, you might currently be using the FBI's servers without knowing it.

The FBI doesn't want to be in the DNS business forever, though, so it plans to turn off those servers in July. That means that if your computer is infected, you could wake up one morning in July and find yourself unable to get to any web sites.

The FBI is urging computer users to confirm between now and July whether they're infected. It's easy to do: just go to http://www.dns-ok.us. If you see a red logo, your computer is infected; a green logo means you're probably fine. (I say "probably" because, according to the site, there are a few cases where ISPs may be manually diverting traffic away from the malicious servers in order to protect their customers. If your ISP is doing that, you'll get a green logo even if your individual computer is infected.)

If you are infected, it's a simple matter to go into your computer's settings and restore your DNS either to your ISP's recommended settings or to a legitimate third party DNS like OpenDNS or Google Public DNS. Go to http://www.dcwg.org for more information, or check with the technical support for your ISP.

This all goes back to the importance of having good virus software on your computer, as well as using your firewall. Many computers come with anti-virus software installed, although it may be a trial version and you may need to subscirbe to keep it up to date after a few months of the free trial.

Microsoft now offers a good free antivirus package for Windows, Microsoft Security Essentials, and there's no excuse for anyone not to at least be running that. You can download it at http://windows.microsoft.com/mse. There are several other free antivirus programs available on the web, not to mention the many paid commercial products.

--John I. Carney is city editor of the Times-Gazette and covers county government. He is also the author of the self-published novel "Soapstone." His personal web site is lakeneuron.com.

Respond to this story

Posting a comment requires free registration:

John I. Carney
Loose Talk / Charge Complete
John I. Carney is city editor of the Times-Gazette.