Facebook Starts Notifying DNSChanger Victims

Facebook alerts owners of DNSChanger-infected computers that they need to take action before July 9
By Lucian Constantin
News Jun 6th 2012

Facebook has started notifying victims of the DNSChanger malware who visit the social networking site that their computers will be cut off from the Internet on July 9, if they don't clean them until that time.

Facebook's DNSChanger alerts will include a link the DNSChanger Working Group's website, which contains more information about the malware and instructions on how to remove it.

"Earlier this year, Facebook joined the clean up effort by participating in [DNSChanger Working Group], which is comprised of computer security experts from the public, private, and academic sectors," the Facebook security team said in a blog post on Monday. "As a result of our work with the group, Facebook is now able to notify users likely infected with DNSChanger malware and direct them to instructions on how to clean their computer or networks."

DNSChanger is a family of Trojan programs that hijack Web search queries, display malicious advertisements and redirect users to fake websites. They do this by forcing infected computers to use DNS servers controlled by attackers.

DNS servers play a very important role on the Internet -- they translate domain names into numerical Internet Protocol (IP) addresses that computers use to communicate with each other. By default, most computers use DNS servers operated by their respective Internet service providers (ISPs) -- entities that are implicitly trusted with routing their connections.