Security Blog
The latest news and insights from Google on security and safety on the Internet
Notifying users affected by the DNSChanger malware
22. Mai 2012
Posted by Damian Menscher, Security Engineer
Starting today we’re undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. After successfully alerting a million users
last summer
to a different type of malware, we’ve replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices.
The
Domain Name System
(DNS) translates familiar web address names like google.com into a numerical address that computers use to send traffic to the right place. The DNSChanger malware modifies DNS settings to use malicious servers that point users to fake sites and other harmful locations. DNSChanger attempts to modify the settings on home routers as well, meaning other computers and mobile devices may also be affected.
Since the FBI and Estonian law enforcement arrested a group of people and transferred control of the rogue DNS servers to the Internet Systems Consortium in November 2011, various ISPs and other groups have attempted to alert victims. However, many of these campaigns have had limited success because they could not target the affected users, or did not appear in the user’s preferred language (only half the affected users speak English as their primary language). At the current disinfection rate hundreds of thousands of devices will still be infected when the court order expires on July 9th and the replacement DNS servers are shut down. At that time, any remaining infected machines may experience slowdowns or completely lose Internet access.
Our goal with this notification is to raise awareness of DNSChanger among affected users. We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it.
Labels
android
android security
android tr
app security
big data
biometrics
blackhat
chrome
chrome security
federated learning
Gboard
google play
google play protect
pha family highlights
privacy
Security
spyware
targeted spyware
vulnerabilities
Archive
2021
Jan
2020
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2019
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2018
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2017
Dez
Nov
Okt
Sep
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2016
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2015
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2014
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Apr
Mär
Feb
Jan
2013
Dez
Nov
Okt
Aug
Jun
Mai
Apr
Mär
Feb
Jan
2012
Dez
Sep
Aug
Jun
Mai
Apr
Mär
Feb
Jan
2011
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
2010
Nov
Okt
Sep
Aug
Jul
Mai
Apr
Mär
2009
Nov
Okt
Aug
Jul
Jun
Mär
2008
Dez
Nov
Okt
Aug
Jul
Mai
Feb
2007
Nov
Okt
Sep
Jul
Jun
Mai
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.