As you probably know, anyone infected with the DNSChanger malware was supposed to lose internet today. The DNSChanger malware is a Trojan horse that changes the DNS settings on computers and routers to send users to malicious sites, which then steal personal information and generate illegal ad revenue for the scammers. In November 2011, the FBI took over the botnet’s rogue servers and replaced them and planned to shut down the servers they put up in replacement of the rogue ones today, March 8th.
However, companies and individuals infected with the Trojan have been given 120 more days (until July 9th) to clean up their PCs or they will lose internet access. Do you know if you’re infected or not? WhatsUp Gold can help.
Flow Monitor will detect if any devices are still infected on your network. You can build a group containing the IP addresses listed below, and then add an alert for DNS traffic to this group. If you are infected with the DNSChanger, you can then run a report for all infected devices.
Potentially Rogue DNS Servers
- 126.96.36.199 – 188.8.131.52
- 184.108.40.206 – 220.127.116.11
- 18.104.22.168 – 22.214.171.124
- 126.96.36.199 – 188.8.131.52
- 184.108.40.206 – 220.127.116.11
- 18.104.22.168 – 22.214.171.124
Take action before it’s too late – Find out if any of your devices are infected with your free 30-day trial of WhatsUp Gold!