Malware: Inside Notifying users affected by the DNSChanger malware accross Africa since july 2012

Since july 2012 more or less Google undertaked an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. In fact after successfully alerting a million users last summer to a different type of malware, Google’ve replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices.

 The Domain Name System (DNS) translates familiar web address names like google.com into a numerical address that computers use to send traffic to the right place. The DNSChanger malware modifies DNS settings to use malicious servers that point users to fake sites and other harmful locations. DNSChanger attempts to modify the settings on home routers as well, meaning other computers and mobile devices may also be affected.

Since the FBI law enforcement arrested a group of people and transferred control of the rogue DNS servers to the Internet Systems Consortium in November 2011, various ISPs and other groups have attempted to alert victims. However, many of these campaigns have had limited success because they could not target the affected users, or did not appear in the user’s preferred language (only half the affected users speak English as their primary language). At the current disinfection rate hundreds of thousands of devices will still be infected when the court order expires on July 9th and the replacement DNS servers are shut down. At that time, any remaining infected machines may experience slowdowns or completely lose Internet access.

Google’s goal for example with via  notification initiative,is to raise awareness of DNSChanger among affected users.(image:Istockphoto).