by Hamish Barwick

DNSChanger malware victims may face internet switch off: ACMA

Apr 10, 2012

ACMA e-security operations manager: Up to 10,000 Australian internet users must remove malware before 9 July or face internet switch off

The Australian Communications and Media Authority (ACMA) has urged Australian internet users who may be DNSChanger victims to remove the malware from their computers before 9 July or face no internet service when domain name system (DNS) servers maintained by the FBI are switched off.

The ACMA e-security operations manager, Bruce Matthews, told Computerworld Australia that up to 10,000 Australians have devices which are infected with the malware.

According to Matthews, DNSChanger re-routes the affected person’s traffic through rogue DNS servers without their knowledge. The malware has been associated with click fraud whereby an unsuspecting user will be redirected from a legitimate website they are browsing to a malicious website.

The six cyber criminals behind the DNSChanger malware were arrested in November 2011, and the Federal Bureau of Investigation (FBI) took control of the rogue DNS servers and replaced them with legitimate servers.

“While the problems associated with DNSChanger have largely been removed, if you don’t take action to remove the malware and restore correct DNS settings you won’t be able to connect to the internet after 9 July when the servers which are currently being maintained under a court order from the FBI are turned off,” Matthews said.

The ACMA, CERT Australia and the Department of Broadband, Communications and the Digital Economy have developed a diagnostic website that will tell users if they have been affected by DNSChanger.

“Given there are a range of variants in the infection, we recommend that once someone has run the tool they go back to the website to test if they are still infected and try another tool,” Matthews said.

He added that ACMA was working with internet service providers to help inform customers who may be infected with the DNSChanger malware, so that most of the infected internet users will have got rid of the malware by 9 July.
