Achyra Security Bulletin #005 – Domain Name System Trojan

There is a very nasty little Trojan (technical terminology for a type of malicious software) doing the rounds at the moment, which goes by the imaginative name of “DNS Changer Trojan”. It originated from Estonia, and although the creators have been arrested the malware has seen extensive infection across the globe. One security firm’s report (by Internet Identity) found that half of all Fortune 500 firms and 27 out of 55 major US government entities were affected by this problem. If it can wreak this much havoc on these highly secure, cash-rich organisations, I suspect that there is every chance your PC or server(s) could be at risk.

To check your machine, follow this link for an immediate diagnosis. There is also information on how to remove the malware should your machine be infected.

More information:

Q) What is DNS?

A) DNS stands for Domain Name System. In a nutshell it acts very much like a telephone directory for computers on the internet. A web address (or URL) is actually linked to an IP address, which computers use to identify the servers the user has asked them to connect to. However, an IP address is a series of numbers which we humans find difficult to remember, so we mask the numbers with a more user-friendly URL (for example).

Q) What does this Trojan do?

A) DNSChanger changes an infected system’s domain name system (DNS) resolution settings to point towards rogue servers that redirect legitimate searches and URLs to malicious websites, earning “cybercrooks” kickbacks from click-fraud scams and “scareware” distribution rackets in the process.
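Because the Trojan works by pointing the system at resolvers it controls, the practical check is to compare the resolvers a machine is actually configured to use against the ones it should be using and against any published rogue ranges. The following is an added example, not code from the bulletin or from any removal tool; it assumes a Linux-style resolv.conf, and the sample configuration, the rogue range and the expected resolver are all constructed documentation addresses, not real DNSChanger indicators.

```python
import ipaddress
import re

# Constructed sample of a resolver configuration (Linux /etc/resolv.conf format).
# 198.51.100.0/24 is documentation address space standing in for a rogue resolver
# range; it is NOT a real DNSChanger indicator.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.internal
nameserver 198.51.100.7
nameserver 192.0.2.53
"""

# Placeholder rogue ranges: a real check would load the ranges published by the
# DNSChanger investigation, which this bulletin does not list.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Resolvers the organisation expects its machines to use (constructed value).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}


def parse_resolvers(resolv_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    resolvers = []
    for line in resolv_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        match = re.match(r"nameserver\s+(\S+)$", line)
        if match:
            try:
                resolvers.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                continue  # skip malformed entries rather than abort the scan
    return resolvers


def check_resolvers(resolvers, rogue_ranges=ROGUE_RESOLVER_RANGES,
                    expected=EXPECTED_RESOLVERS):
    """Map each resolver to 'rogue' (inside a known-bad range),
    'unexpected' (not on the approved list) or 'ok'."""
    verdicts = {}
    for addr in resolvers:
        if any(addr in net for net in rogue_ranges):
            verdicts[str(addr)] = "rogue"
        elif addr not in expected:
            verdicts[str(addr)] = "unexpected"
        else:
            verdicts[str(addr)] = "ok"
    return verdicts
```

On Windows the same comparison applies to the DNS server addresses shown by `ipconfig /all`; a resolver that is neither expected nor in a known range still deserves investigation, since a changed setting is the symptom this Trojan leaves behind.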

Q) What happens if I don’t get rid of it?

A) Your machine will continue to send you to “dodgy” websites when you are trying to visit a legitimate site. This could end up costing you money or infecting your machine with further malware, and could also disable your antivirus software and prevent your machine from downloading system updates.