What is DNSChanger?
Time Warner Cable has received notification about industry-wide malicious online traffic, which we have identified as impacting a small fraction of our customers. If you received a notification from Time Warner Cable advising you that your system has been impacted by this industry-wide attack, your computer or another computer on your network may be infected by malicious software known as "DNSChanger."
DNSChanger redirects your internet traffic to alternative Web sites, most commonly redirecting advertisement traffic to sites controlled by the malicious operator. This means your Internet browser is pulling up sites other than the ones originally intended by the Web site operator. DNSChanger does this by sending your computer's Domain Name System (DNS) traffic to servers under the malicious operator's control. This malware also allows infected computers to be controlled remotely (i.e., by another computer on the Internet known as a "command and control" server, or a C&C server). Details about this malware attack, and how your system may have been infected, can be found on the following FBI and Department of Justice Web site: www.fbi.gov/news/stories/2011/november/malware_110911/dns-changer-malware.pdf
What is the current risk to my privacy and online security?
Law enforcement authorities have seized the rogue DNS servers and are temporarily operating the systems. However, because the malware may still be active on your computer(s), it presents an ongoing threat to your privacy and online security. Malware of this type can be used to steal passwords or personal data or may allow your computer(s) to be used to send spam or launch denial of service attacks.
Why must I take immediate action?
The DNSChanger malware was specifically engineered for the purpose of stealing personal identity information and financial data. Any personal or financial information you may have on the infected PC may be vulnerable. Additionally, computers infected with this type of malware may be used at any time for launching coordinated cyber-attacks or may be used to host illegal content or engage in illegal activities. It is strongly recommended that you take immediate action to clean and secure your machines in order to reduce the risks associated with this malware.
How do I remove this malware?
It is recommended that you download and run one or more of the following cleaning tools on all computers.
Suggested Tools for Windows Operating Systems:
McAfee Stinger: www.mcafee.com/us/downloads/free-tools/stinger.aspx
Microsoft MSRT: www.microsoft.com/security/pc-security/malware-removal.aspx
Norton Power Eraser: security.symantec.com/nbrt/npe.aspx?lcid=1033
Suggested Tools for Apple Operating Systems:
Sophos AV: www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
ClamX AV: www.clamxav.com/
The DNSChanger malware may also modify your operating system's local DNS settings, which will need to be reset manually:
For Windows 7
On your computer:
For Windows Vista
On your computer:
For Windows XP
On your computer:
For Apple Devices
For instructions for Apple computers, use this link:
www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf.
For instructions on how to check iPhones, iPads, & iPod touches, use this link: techinch.com/blog/change-your-dns-settings-on-iphone-ipod-touch-and-ipad.
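To confirm the DNS settings after a reset, the following Python script is an added example (not part of the original notice or any vendor tool). It reads the output of `ipconfig /all` from a Windows computer and flags DNS servers that fall inside a list of rogue ranges. The ranges and the sample output are constructed placeholders; substitute the rogue ranges published in the FBI document linked above.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space), NOT the real rogue ranges.
# Replace them with the ranges listed in the FBI document linked on this page.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def parse_dns_servers(text):
    """Return {adapter name: [DNS server strings]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # new adapter section
            adapters[current] = []
        elif m and current is not None:
            adapters[current].append(m.group(1))         # first listed server
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            adapters[current].append(line.strip())       # continuation line
        else:
            in_dns = False
    return adapters

def find_rogue(adapters, ranges=ROGUE_RANGES):
    """Return sorted (adapter, server) pairs whose server lies in a listed range."""
    hits = []
    for name, servers in adapters.items():
        for s in servers:
            ip = ipaddress.ip_address(s.split("%")[0])   # drop IPv6 zone id
            if any(ip.version == n.version and ip in n for n in ranges):
                hits.append((name, s))
    return sorted(hits)

if __name__ == "__main__":
    print(find_rogue(parse_dns_servers(SAMPLE_IPCONFIG)))
```

An empty result means none of the configured DNS servers fall in the listed ranges; any adapter that is reported still needs its DNS settings reset.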
If you are unable to remove the malware, as a precaution to protect your privacy and data, the Department of Justice, with the assistance of the FBI, is recommending that you update your master boot record and reformat your hard drive or take it to a local repair shop to have this done.
Once you have run a cleaning tool and made these changes, it is recommended that you reset the DNS settings on your router to default settings per the vendor’s recommended configuration. Here is a selection of more commonly seen manufacturers: