A press release from the FBI describes how it worked:
The malware secretly altered the settings on infected computers enabling the defendants to digitally hijack Internet searches and re-route computers to certain websites and advertisements, which entitled the defendants to be paid. The defendants subsequently received fees each time these websites or ads were clicked on or viewed by users. The malware also prevented the installation of anti-virus software and operating system updates on infected computers, leaving those computers and their users unable to detect or stop the defendants’ malware, and exposing them to attacks by other viruses.
In order to assist victims affected by the DNSChanger malicious software, the FBI obtained a court order last March authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. That solution was temporary, and provided additional time for victims to clean affected computers and restore their normal DNS settings.
The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.
So, now would be a good time for you to check your computer. I’ve provided some links below to help you do that. Your internet service provider (ISP) can also help. Comcast, for example, has a pro-active notification service that lets customers know if their computers have been infected. In addition, Comcast, Verizon and Cox all provide anti-virus software free of charge for their customers.
Why would they do that?
Well, if your computer becomes part of a Botnet, which is a collection compromised computers on the internet; it can be used as part of a mass attacks that against websites, banks, corporations, government agencies, and more. So, the more effective ISP’s are at protecting their customers from malware; the easier it is for them to protect their networks.
At the height of its infection, the DNSChanger Botnet included more than 4 million computers in 100 countries; at least 500,000 of them here in the US. While many have been cleaned up since news about the problem and the subsequent FBI arrest of 6 Estonians charged with masterminding it; there are many computers that are still infected.
To make sure yours isn’t one of them; follow the links below.