-FBI Press Release
Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
The FBI has posted an online tool which can tell you if your computer's DNS settings have been tampered with, which can be found here. The FBI would also like anyone affected by this malware to contact them using this form.
The DNS Changer Working Group, which was formed to aide in the take-down and clean up, expects to install their own DNS servers in place of the malicious ones. These servers will allow the DCWG to alert users of infected computers that their system was compromised.
FBI's DNSChanger Detection Page
FBI's DNSChanger Victim Contact Form
The malicious DNS servers fall into these IP address ranges:
188.8.131.52 - 255
184.108.40.206 - 255
220.127.116.11 - 255
18.104.22.168 - 255
22.214.171.124 - 255
126.96.36.199 - 255
Edited by Andrew, 10 November 2011 - 05:51 PM.