Steps to Help Those with DNSChanger Malware

06/27/12 at 4:58 pm

As previously noted at this blog and elsewhere, computers and other Web-browsing devices that are infected with the “DNSChanger” malware could lose Internet access on July 9.

That’s the day the safety net — put in place by the FBI, Internet Systems Consortium (ISC), and DNS Changer Working Group (DCWG) — stops operating.

Suddenlink has taken steps to replicate this safety net for our customers. Following is a brief explanation of the terminology and process we’ll use.

DNS stands for Domain Name System. It changes user-friendly domain names into numerical Internet Protocol (IP) addresses, which computers use to communicate with each other.

    To illustrate: Let’s say you enter the text of a domain name — like — into your Web browser address bar. Your computer would then contact a DNS server. That server would translate the text “” into the numerical IP address tied to the CNN website, and send you on your way to that website.

That’s what normally happens.

In contrast, computers infected with the DNSChanger malware are sent to a bad or rogue DNS server. In turn, this rogue server sends infected computers to a different website than the one they’re seeking. That different website might look like the correct one, but it’s not: It’s a site set up by criminals who may be trying to steal and use your personal and confidential information.

The FBI has uncovered a network of these rogue DNS servers and attempted to disable them. In addition — because computers infected with DNSChanger malware rely on rogue servers — the FBI, ISC, and DCWG have set up a network of “clean” DNS servers plus a system or safety net, whereby a computer attempting to use a rogue server is redirected to one of the clean servers and is thus able to access the legitimate (non-criminal) websites it is seeking. However, as noted earlier, this safety net will stop operating on July 9.

That’s why Suddenlink and various other Internet service providers have worked with the FBI so that we can continue offering a safety net — on and after July 9 — to our customers whose computers are infected with the DNSChanger malware.

The new process is modeled on the current process. In short: Across the Suddenlink network, we have deployed a list of the rogue DNS servers identified by the FBI. Accordingly, when an infected computer tries to use one of the rogue servers on that list, it will be redirected to a clean or valid DNS server so that it can find the website it is seeking. Importantly, this system is fully automated so the process should be seamless for customers whose computers are infected with the DNSChanger malware.

Of course, owners of infected computers should still take steps to have their computers cleaned — in part because it’s possible those computers are also infected with other malware, and clean DNS servers do not protect against other malware.

Accordingly, we encourage all customers (a) to make sure they have security software installed on their Internet devices, and (b) if they suspect one or more of their devices are infected with the DNSChanger malware, to visit and follow the clean-up instructions offered by the DCWG, here.

Entry filed under: Internet News & Trends.

New on Suddenlink VOD: ‘Mirror Mirror’ All-Digital Upgrade Completed in Navasota, Texas


As time and resources allow, we attempt to review and publish a representative sample of comments, including those with points-of-view contrary to our own. We reserve the right to edit or reject comments to eliminate profanity, personal attacks, off-topic or duplicative remarks, etc. Comments are closed on new posts after 48 hours.


%d bloggers like this: