The Latest in IT Security

Tool: DNS Check #DNSChanger


An Estonian company called Rove Digital was busted last November. Why? Because it was a front for the ad-fraud DNSChanger botnet. And ever since November, the USA’s FBI has been responsible for the substitute DNS servers designed to keep compromised computers from being disconnected (and causing support call chaos).

Back in March, we wrote about the looming expiration of the FBI’s authority. Fortunately, that authorization was extended until July.

According to Google, roughly half a million instances of DNSChanger still exist in the wild, and the company recently began to notify people of the problem using this message.

The Shadow Server Foundation has an impressive visualization of infections:

YouTube: DNSChanger Infections

So now you may find yourself asking: how can I check for a DNSChanger infection?

The DNSChanger Working Group has an extensive list of sites which will check for problems.

F-Secure Labs also has something to offer: DNS Check.

It’s a script-based tool that can be used to reset problematic DNS settings.

DNS Check will scan to determine if the computer’s DNS is configured to use the botnet’s servers (now the FBI’s) and can be used to reset default settings to DHCP, OpenDNS, or Google DNS.
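The kind of check described above can be sketched as follows. This is an added example, not F-Secure's DNSCheck.hta code: it parses `ipconfig /all` output and flags any configured resolver that falls inside a list of ranges. The function names, the sample output and the ranges are all assumptions; the ranges are documentation placeholders, not the real DNSChanger server ranges.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation space), not real indicators.
# Replace with the rogue resolver ranges published by the DNSChanger Working Group.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of `ipconfig /all` output. Note that the second resolver
# of each adapter sits on an unlabeled continuation line.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       198.51.100.200
"""

def dns_servers(ipconfig_text):
    """Yield (adapter, ip_address) for every DNS server listed per adapter."""
    adapter, in_dns = None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():       # unindented line = adapter header
            adapter, in_dns = line.rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            in_dns, value = True, m.group(1)
        elif in_dns and line.strip() and ". :" not in line:
            value = line.strip()                 # continuation: another resolver
        else:
            in_dns = False                       # blank line or a different label
            continue
        yield adapter, ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id

def rogue_resolvers(ipconfig_text, ranges=ROGUE_RANGES):
    """Return [(adapter, ip_string)] for resolvers inside any listed range."""
    return [(a, str(ip)) for a, ip in dns_servers(ipconfig_text)
            if any(ip in net for net in ranges)]

if __name__ == "__main__":
    for adapter, ip in rogue_resolvers(SAMPLE_IPCONFIG):
        print(f"{adapter}: resolver {ip} is in a listed range")
```

A hit on an adapter with DHCP disabled points at a statically changed setting on the host, while a hit on a DHCP-enabled adapter suggests the address was handed out by the router, which then needs checking as well.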

FTP download:

SHA1: 026b19bfbeeb2e02a9d4157f6fffa82ffcb62ab9 – DNSCheck.hta
SHA1: 5ddd867dc15a3398610868f06daec541278d8b16 – README.txt
SHA1: 2adedec5ceb4009d9b705cb6d9cb4c323dddc9a1 – admin_console.bat
SHA1: dcc8408c05cec84e4ac7420e6f7036c91e708ee2 – .\images\fsecure-logo.png
SHA1: a3630f948bb4d7b6c97318a50c5ad25fa85dca14 – .\images\icon.ico
