The Australian Communications and Media Authority (ACMA) warned Windows and Mac DNSChanger Trojan victims to remove the malware now or risk being cut off from the internet on 9 July 2012.In a statement issued Thursday the ACMA said there are approximately 10,000 Australian internet users currently infected with this malware.\u201cDNSChanger infections currently constitute around half the infections reported through the AISI (Australian Internet Security Initiative). The ACMA started reporting DNSChanger data to AISI participants as soon as it was made available to us in November 2011,\u201d ACMA\u2019s e-security operations manager Bruce Matthews told CSO Australia.Mathews said that in 2011-12 the average number of malware reports per day through to the end of February 2012 was 14,027 under the AISI, which works with dozens of Australia\u2019s ISP under the voluntary iCode infection notification system.The inclusion of DNSChanger infections, which AISI began collecting data on in November 2011, was apparently behind a huge surge in \u201cbot infections\u201d numbers through 2011 and 2012.DNSChanger was one of the largest botnets in the world, estimated to have infected four million Windows and OS X computers in a massive click-fraud and fake antivirus scheme, disrupted in late 2011 under the FBI\u2019s \u201cOperation GhostClick\u201d.The malware directed infected machines to \u201crogue\u201d DNS (domain name server) resolvers after manipulating a computer\u2019s DNS settings.Users of infected machines who might try to reach ACMA by typing acma.gov.au into their browser would be led to a different IP address, such as a fraudulent website that either led to more malware, fake antivirus or phishing sites.GFI Software (Sunbelt) shows how the malware impacts Windows on this You Tube video.The cut-off date for Australians is in line with the expiration of a US court order the FBI obtained this February that extended the Internet Systems Consortium\u2019s (ICS) authority to maintain \u201ctemporary clean DNS servers\u201d, designed to buy time for victims to remove the Trojan. The original order was 120 days.Australian ISPs will not be responsible for customers that experience connection problems after this date, ACMA\u2019s Mathews said.\u201cThe ACMA, CERT Australia and DBCDE are coordinating an effort to encourage Australian internet users infected by DNSChanger to remove this malware from their computing devices before 9 July 2012,\u201d he said.\u201cAs far as I know, no Australian ISPs have adopted \u2018temporary solutions\u2019 (for ISC\u2019s cut-off date). On 9 July 2012 the ISC will turn off the temporary DNS servers that currently enable computing devices infected with DNSChanger to connect to the internet.\u201dThe internet industry and governments across the globe have struggled to kill the botnet, despite efforts to notify consumer and enterprise victims.US security firm Internet Identity in February reported that half of all US Fortune 500 firms and 27 out of 55 major government agencies were still infected with the Trojan, security blogger Brian Krebs reported at the time.In early November 2011 -- when Estonian police arrested the six suspects behind a company Rove Media, which controlled the \u201cEsthost\u201d botnet, spread by DNSChanger -- \u201cvictims observed per day\u201d numbered over 800,000 worldwide.By January 2012 the number still sat at just below 500,000 (see graph), according to the The DNS Changer Working Group (DCWG).The Australian government has established the website dns-ok.gov.au for potential victims to check if their computers are infected and follow removal advice.\u201cIf you are infected, dns-ok.gov.au provides links to tools and detailed documentation that may help you remove the infection,\u201d ACMA said in its statement.The DCWG provides a range of IP addresses that would indicate whether a computer\u2019s DNS Settings have been altered by the Trojan. It also provides detection and clean up instructions for Windows XP, Windows 7, Mac OSX systems, and widely-used home routers from D-Link, Linksys and Netgear amongst others.Follow @CSO_Australia and sign up to the CSO Australia newsletter.____________________________________________________________________________________Register Today.\u00a0Consumerisation is inevitable.. So how secure is your data?Hear from Rob Livingstone, Michael Barnes, Steve Quane and Dave Asprey amongst others on the Evolution. Trends, Solutions and the Future of Cloud Security, limited seats register today through CSO.