"The Internet is Falling, The Internet Is Falling" - C. Little

There's been a veritable fountain of viral emails, Facebook postings, et cetera about how the Internet is being "shut off by hackers" on the 9th of July, 2012. This isn't entirely correct - Yes those who are infected with the DNSChanger trojan may not be able to reach the Internet, but it's because temporary "clean" Domain Name Service (DNS) servers are going to be shut down, and if you haven't cleaned out the Trojan, then No Internet For You!!

What I find amusing is this has been known for months - the Feds arrested the guys responsible back in November 2011...

However, the threat still remains.

Now, it's pretty easy to see if you are at risk for losing Teh Interwebz. U.S. users can go to http://www.dns-ok.us and automatically check your DNS settings. For the geekier of us we can use the IPCONFIG command at a DOS prompt and see our DNS settings. (instructions are found here {PDF document - make sure you have Adobe Reader installed}).

OK - now you see all your DNS Settings - what does this mean?  The following table has the Bad Servers listed:

85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255

To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.

(text courtesy of the US Federal Bureau of Investigation)

Of course If your local IP address is a non-routable (192.168.x.x) address, you'll need to check your router. Check your documentation on how to do this.

Oh Happy Day - you're infected! Congratulations! Now what? The following is a list of sites and/or tools to kill this bad boy.

(list courtesy of the Domain Changer Working Group) at http://www.dcwg.org/fix/

Hitman Pro (32bit and 64bit versions)	http://www.surfright.nl/en/products/
Kaspersky Labs TDSSKiller	http://support.kaspersky.com/faq/?qid=208283363
McAfee Stinger	http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
Microsoft Windows Defender Offline	http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Microsoft Safety Scanner	http://www.microsoft.com/security/scanner/en-us/default.aspx
Norton Power Eraser	http://security.symantec.com/nbrt/npe.aspx
Trend Micro Housecall	http://housecall.trendmicro.com
MacScan	http://macscan.securemac.com/
Avira’s DNS Repair-Tool	http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199