The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users' computers for the DNSChanger malware.
CIRA says the free online tool lets Canadian Internet users to detect if their computer is affected by the DNSChanger malware.
The DNSChanger Trojan horse could change the DNS server settings on infected computers and divert traffic to rogue servers. The malware was cross-platform, and was said to have affected millions of PC and Mac systems worldwide, over half a million of them in the U.S.
The FBI began working with several foreign governments on Operation Ghost Click, eventually arresting several alleged perpetrators.
As part of its Operation Ghost Click, the FBI uncovered an extensive cyber criminal activity, whereas millions of computers around the world were infected with malicious software without the knowledge of the user. The malware, called DNSChanger, affected the Domain Name System (DNS) configuration of the user's computer system. The DNS is the system that changes domain names into Internet Protocol (IP) addresses (for example, cira.ca=192.228.29.1. For more informatoin about DNS visit http://youtu.be/2ZUxoi7YNgs). The malware infrastructure, which affected over 20,000 Canadian IP addresses, redirected unsuspecting user's to rogue DNS servers, allowing the cyber criminals to manipulate the user's web activity. Because of the complexity and sophistication of this malware, detection and removal is challenging without the help of an IT security professional.
CIRA, Public Safety Canada, the Canadian Cyber Incident Response Centre (CCIRC) at Public Safety Canada and the CRTC have collaborated on the development and release of the DNSChanger Malware Checker, located at http://DNS-OK.ca/.
Once the user agrees to the Terms and Conditions, the DNS Checker will match the DNS Internet Protocol (IP) address employed by the user's computer against the known Operation Ghost Click IP addresses. When completed, the user is greeted by either a green banner, which indicates that their computer is not infected with the malware, or a red banner, which indicates that their computer system may be infected with the malware. If the banner is red, the user is encouraged to consult the Public Safety Canada website that provides further information on detection and removal of the DNSChanger malware.
"This type of initiative really speaks to the collaborative nature of the Canadian Internet community, and the key role CIRA plays," said CIRA's president and CEO Byron Holland. "CIRA is committed to providing Canadian Internet users with a safe, secure and trusted online experience and this DNS Checker provides an important resource for Canadians to screen their computer for the DNSChanger malware".
The DNSChanger Malware Checker does not screen for any other virus, malicious code or malware. The FBI and other entities have also releasd a DNSChanger ‘sniffing’ system.
The Canadian Internet Registration Authority is the member-driven organization that manages Canada's .CA domain name registry, develops and implements policies that support Canada's Internet community, and represents the .CA registry internationally.