How the DNSChanger malware works
Monday, 9 July, was supposed to be 'Internet Doomsday', when the US Federal Bureau of Investigation (FBI) was to shut down servers associated with the DNSChanger malware. As a result, computers infected with this threat were to be cut off from the Internet.
According to an IDG report, the FBI estimated that only 41,800 computers remained infected by DNSChanger as of Sunday night, and some Internet service providers have been offering their own solutions to keep customers online. So far, the cutoff day has been free of catastrophes, IDG reports. We asked Eugene Teo, manager, security response, at Symantec, about this malware and how it was going to affect computers in Asia.
Yes, it will. According to the DNSChanger Working Group (DCWG), globally there are at least 210,851 unique Internet protocol (IP) addresses as of 8 July 2012, of which 619 are from Singapore, still being redirected to the rogue DNS servers now being controlled by the FBI. Our research has found the DNSChanger malware to affect computer systems operating on Windows and Mac only. It is also worth noting that the volume of "unique IPs talking to the clean DNS servers" undercounts the total number of infections, while the estimates built around unique browser IDs demonstrate a higher total infection count.