Google will notify users that their computer is infected with DNS-changing malware

[tezza]

It has been widely reported that the FBI and Internet Systems Consortium have been keeping formerly rogue DNS servers running to ensure internet access for millions of computer users who have been infected with malware that changed their DNS server. These rogue servers were used to feed ads or channel users to infected websites. The FBI recently announced that it would be shutting down these servers in July, potentially cutting off internet access for a large number of users who are caught unawares.

To prevent this, Google is going to use its popularity to notify users of infected computers. The search engine will notify users using a large warning at the top of a Google search results page. The warning will only appear on computers that are infected.

This announcement came on the Google Online Security Blog in a post by Google Security Engineer Damian Menscher. From the post:

Our goal with this notification is to raise awareness of DNSChanger among affected users. We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it.

This isn’t the first time Google has used its considerable influence to try and help users protect their computers against malware. Last July, Google issued similar warnings to users who were being redirected through proxies by fake antivirus software.

http://www.webpronew...malware-2012-05

[Ambrocious]

The very last thing that I heard about those computers that were infected by the DNS switching malware was that the servers were seized by the FBI and they had been cleaned up and fixed yet even though this is the case, they still claim that the servers are a threat some how....which makes no sense at all.

Now Google is going to warn the users about a threat that could be easily fixed I assume by sending out the CORRECT code so that the FBI does not have to host the "infected" computers anymore, even though these computers no longer pose any threat at all because the servers are all fine now. What is the deal here? The FBI can't afford to host the servers anymore (unlikely) or maybe they are too lazy to send out the proper remote code to correct the DNS error?

As I said before, something doesn't add up here, the full information on this situation is not out yet, I am convinced of this.