Fact Check

DNSChanger Virus

Warning about the DNSChanger virus.

Published July 5, 2012


Virus:   DNSChanger malware could knock users off the Internet on July 9.


Origins:   Thousands of computer users could lose access to the Internet on July 9 due to a virus, DNSChanger, that once infected approximately 4 million computers across the world.

The Federal Bureau of Investigation first gave details about the virus in November 2011, when it announced the arrest of the malware’s authors. The virus, as its name indicates, affected computers’ abilities to correctly access the Internet’s DNS system — essentially,

the Internet’s phone book. DNSChanger rerouted infected computers through servers controlled by a criminal ring based in Eastern Europe. The malware did this by taking advantage of the Internet's Domain Name System (DNS) service. The virus would redirect Internet users to fake DNS servers, often sending them to fake sites or places that promoted fake products.

The FBI shut down the operation and built a safety net of new servers to redirect traffic from those infected with the virus. But that safety net is going offline on 9 July 2012, meaning that users who are still infected with the virus will lose access to the Internet unless they remove it from their machines.

You can determine if your computer has the virus through a number of checker Web sites, such as the DNS Changer Working Group (DCWG) or the FBI.

If your PC is infected with the virus, you can run one of several trusted tools to get rid of the virus. The DCWG has a list of such tools on its site.

Additional information:  

    DNSChanger FAQ DNSChanger FAQ (c|net)

Last updated:   5 July 2012


    Paul, Ian.   "DNSChanger Malware Set to Knock Thousands Off Internet on Monday."

    PC World.   5 July 2012.

    Tsukayama, Hayley.   "What the ‘Internet Doomsday’ Virus Is and How to Fix It."

    Washington Post.   5 July 2012.

David Mikkelson founded the site now known as snopes.com back in 1994.