MANILA, Philippines — Despite stern warnings by various Internet and telecom companies as well as the US’s Federal Bureau of Investigation (FBI), thousands of computers in the Philippines remain infected by the DNSChanger malware and stand to lose Internet access on Monday, July 9.
According to the latest data from the DNS Changer Working Group (DCWG), a multi-sectoral ad hoc group of subject matter experts in security and DNS monitoring, some 1,286 unique IP addresses found to be infected with the malware came from the Philippines.
Globally, more than 240,000 were still recorded to have the malware in their systems, which means they would lose access to the Internet if the infection remains unresolved by Monday.
On Sunday, a day before the FBI takes down the DNS servers to which the malware has pointed infected users’ DNS settings, security firms and Internet companies reiterated the call for users to check if their systems still contain the virus.
Some popular Internet destinations such as Google and Facebook have put in place systems that notify users of possible infection and the steps they can take to ensure their systems remain up after the July 9 deadline.
Kaspersky Lab, a Russian security software provider, meanwhile stressed that even if users have removed the malware from their computers, they should remain vigilant for mutations and strains of the virus, which could still wreak havoc in their systems.
“In other words, it doesn’t mean you have pneumonia, but you still have a cough. And it makes you extraordinarily more likely to get sick again,” said Kurt Baumgartner, a Kaspersky Lab Expert, adding that some antivirus software providers have been prompting users to check and point their settings to “clean” DNS servers to avoid future similar incidents.
The FBI, on the other hand, has put up a website where users can quickly check to see if their PCs had been infected: http://www.dns-ok.us/
The DNSChanger malware was discovered last year to be re-routing Internet traffic of infected PCs to servers of a group of Internet hackers, which allows them to display advertisements or spread malware to more users.
Once a computer is infected, its Domain Name System (DNS) settings are changed to point to the hackers’ servers. Reports said systems became infected when they visited similarly infected websites, “or downloaded particular software to view videos online,” according to technology news site CNet.
In addition to changing the DNS servers of the computer, the malware has also been known to prevent antivirus updates from occurring, which means traditional security software couldn’t possibly detect the infection.
The group behind the malware was arrested by authorities in 2011, but the temporary redirection servers set up by law enforcement bodies to give users time to clean up their systems will soon be shut down.
To check if your system is infected, telcos PLDT and Smart urged users to go through their computer’s settings:
Windows
1. Click Start
2. Open the Command Window
3. (For Windows 7) Type cmd at the search bar
4. (For Windows XP) Click Run, then type cmd at the bar
5. Type ipconfig /all
6. Search for the DNS Servers section
Mac OS X
1. Click the Apple icon at the top left of the screen
2. Select System Preferences
3. Locate the “Network” icon
4. Read the “DNS Server” line
If the DNS servers are pointed at any of the following addresses, then it means the system is infected:
• 22.214.171.124 through 126.96.36.199
• 188.8.131.52 through 184.108.40.206
• 220.127.116.11 through 18.104.22.168
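The manual check above can be scripted. The following is an added example, not part of the original article and not from PLDT, Smart or the FBI: it collects the DNS Servers entries from `ipconfig /all` output and tests each against start-through-end ranges. The ranges and the sample output are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges from RFC 5737 documentation space, NOT the rogue ranges.
# Substitute the "start through end" pairs published by the DCWG/FBI.
ROGUE_RANGES = [("192.0.2.0", "192.0.2.255"), ("198.51.100.0", "198.51.100.127")]

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 198.51.100.42
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return every address under a 'DNS Servers' entry: the first is on the
    labelled line, the rest alone on indented continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())
        else:
            in_dns = False
    return servers

def rogue_servers(servers, ranges=ROGUE_RANGES):
    """Return the IPv4 servers inside any inclusive start..end range."""
    bounds = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in ranges]
    hits = []
    for s in servers:
        try:
            ip = ipaddress.IPv4Address(s)
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed entry; the listed ranges are IPv4
        if any(lo <= ip <= hi for lo, hi in bounds):
            hits.append(s)
    return hits

if __name__ == "__main__":
    found = dns_servers(SAMPLE_IPCONFIG)
    print("DNS servers:", found, "| in listed ranges:", rogue_servers(found))
```

A secondary DNS server on a continuation line is easy to miss when reading the output by eye, which is why the parser collects those lines as well.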
THE EASIEST WAY TO CHECK IF YOUR PC IS INFECTED, SIMPLY CLICK THE LINK/S: