Mac: How to detect and remove DNS Changer
International hackers ran a scam that co-opted DNS (domain name server) functionality on millions of user computers, including Macs. When the FBI took that network down in November 2011, agents realized they couldn’t just shut the hackers’ servers off, as doing so would disconnect affected users from the internet.
“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” runs an FBI statement. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”
Or, for that matter, Safari, Chrome, Firefox and/or Camino.
So they set up DNS servers of their own. But this governmental largess comes to an end July 9 when the feds will turn off the servers that have carried users in the interim.
That said, you can automatically check to see if your Mac is infected by visiting the DNSChanger Working Group website — simply click the green Detect button and you will get one result or the other:
Alternately, you can check your Mac’s DNS settings manually: Dock > System Preferences > Network > Advanced > DNS. Compare the DNS server IP numbers on your Mac to this list of known bogus numbers.
Infected? Whereas the FBI has collected and vetted a list of commercial antivirus apps that can remove DNSChanger, if you’d rather not spend the money, ClamXav (Mac App Store) detects and removes DNSChanger — it’s the free, open-source-based antivirus app I use.
Also, SecureMac’s DNSChanger Removal Tool is free and just takes care of the task at hand.
For what it’s worth, I use OpenDNS — a free and open source DNS service — on my Mac because it blocks the Flashback Trojan and provides better performance than my ISP’s DNS service. If you’re liking the sound of that, here’s how to set up OpenDNS on your Mac — there’s nothing to install, just change a few numbers in the Network Settings panel.