- DNS Changer Malware infects systems by adding rogue DNS servers to the network configuration, redirecting DNS queries to malicious websites. This allows attackers to hijack browsing to steal personal details or download other viruses.
- The malware can be identified by being unable to access antivirus websites while other sites work, or by checking the IP addresses of the DNS servers in the network settings against the known rogue address ranges listed in the document. Running a DNS lookup test or examining the DNS settings from the command prompt provides more advanced detection methods.
- By manipulating DNS resolution, the malware is able to covertly redirect users to malicious or compromised websites without their knowledge, compromising privacy and security.
3. DNS
Domain Name System:
• As per Wiki –
– The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
– A Domain Name Service translates queries for domain names (which are meaningful to humans) into IP addresses for the purpose of locating computer services and devices worldwide. (This is where the real problem starts)
– The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way, independent of each entity's physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent and constant even if the current Internet routing arrangements change. (This is the secret essence of this problem)
4. DNS Server
DNS Server:
• A DNS server is the important entity that translates IP addresses into hostnames (website names) or vice versa (hostnames into IP addresses)
• Translating domain names/hostnames (websites) to IP addresses is known as Forward DNS.
• Translating IP addresses to domain names/hostnames (websites) is known as Reverse DNS.
• Let us understand how DNS servers exactly work by illustrating it with an example
5. DNS Server
[Diagram: Working of DNS Server, steps 1 to 5]
– Client: "I need direction to connect to www.Google.com"
– DNS Server: "The domain name www.Google.com is not in my database, I will check with another DNS Server"
– Other DNS Server: "Hey, as per my database www.Google.com is mapped at the following IP Address 74.125.236.201"
– Client connects to the www.Google.com server (IP = 74.125.236.201)
– Client: "Hey, thank you for the direction, now I can connect to google.com"
6. IP Address Configurations
IP Configuration:
• Two methods are widely used to configure your computer's IP address
– Dynamic
• For the user, dynamic IP address configuration is comparatively very easy, because the user doesn't have to do anything apart from selecting "Obtain an IP Address Automatically"; the system then sets the IP address automatically.
• In the same way, we can "Obtain DNS Server Address Automatically".
• Some Internet Service Providers (like Reliance Internet Connections, Tikona net connections) prefer this kind of setting on your computer.
– Static
• In this case the IP address is assigned to the system manually, so that the machine has a unique identification.
• We can set the DNS server in the same manual way.
• Please note – here the IP address you set depends upon your network settings in the office or at home, but you must enter the DNS server details strictly as provided by your Internet Service Provider; if you change them to anything else, there is a wide chance that the Internet will not function.
7. IP Address Configurations
Static IP Configuration for DNS provided by ISP BSNL (Pune):
To check further settings, click Advanced (here the real problem definition starts)
9. DNS Changer Malware
DNS Changer Malware:
• The meaning of Malware – Malfunction Software –
– Any software which can introduce a malfunction into a system is known as Malware.
– This DNS Changer malware puts an additional DNS server address into the IP address configuration, alongside your regular DNS server address.
– So it is clear that whenever the user tries to connect to any website, this rogue DNS server reads his / her request (to connect to the website) and redirects the user to some other website, which may be harmful to your computer, like adware websites.
– The meaning of Adware – Advertisement Software
• Any software which is responsible for showing various online advertisements on your computer is known as Adware.
• An example of such an advertisement: "Your computer is infected with Viruses.. Please Scan your Computer with our latest Online Antivirus FREE". Once the user responds to this advertisement, the fake antivirus gets installed on the user's system and opens a gateway for more viruses and Trojans.
10. Problematic DNS Server
[Diagram: Problematic DNS Server, steps 1 to 3]
– Client: "I need direction to connect to www.Good-Website.com"
– Problematic DNS Server: "I am a Problematic DNS Server, I will redirect this user to another website"
– Client lands on problematic websites, which may steal personal details like passwords and may download other viruses onto the system
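The resolution chain of slide 5 and the redirecting server of slide 10, simulated in Python as an added example that is not part of the original slides: a toy resolver with a local database that forwards unknown names upstream and caches the answer, a reverse lookup over that database, a server that answers every query with its own address, and a lookup test that compares the configured resolver's answer with a trusted resolver's. The server names are hypothetical, the addresses for www.Good-Website.com and the rogue server are constructed from TEST-NET ranges, and 74.125.236.201 is the address the slide itself uses.

```python
"""Toy DNS resolution chain, reverse lookup, and a rogue-resolver lookup test.

Added example, not from the original slides. Everything here is an in-memory
simulation (constructed data) so it runs offline; 74.125.236.201 is the address
the slide uses for www.Google.com, the other addresses are made up (TEST-NET
ranges) and the server names are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class DnsServer:
    """A DNS server with a local name -> IP database and an optional upstream."""
    name: str
    records: dict[str, str] = field(default_factory=dict)
    upstream: DnsServer | None = None

    def resolve(self, hostname: str, trace: list[str]) -> str | None:
        """Forward DNS (hostname -> IP). Unknown names are forwarded upstream."""
        key = hostname.lower()
        if key in self.records:
            trace.append(f"{self.name}: {hostname} is in my database -> {self.records[key]}")
            return self.records[key]
        if self.upstream is None:
            trace.append(f"{self.name}: {hostname} is not in my database and I have no upstream")
            return None
        trace.append(f"{self.name}: {hostname} is not in my database, asking {self.upstream.name}")
        answer = self.upstream.resolve(hostname, trace)
        if answer is not None:
            self.records[key] = answer  # cache it so the next query is answered locally
        return answer

    def reverse(self, ip: str) -> str | None:
        """Reverse DNS (IP -> hostname), from the local database only."""
        for host, addr in self.records.items():
            if addr == ip:
                return host
        return None


class RogueDnsServer(DnsServer):
    """The 'Problematic DNS Server' of slide 10: every name resolves to its own address."""

    def __init__(self, name: str, redirect_to: str) -> None:
        super().__init__(name)
        self.redirect_to = redirect_to

    def resolve(self, hostname: str, trace: list[str]) -> str | None:
        trace.append(f"{self.name}: redirecting {hostname} -> {self.redirect_to}")
        return self.redirect_to


def build_legitimate_chain() -> DnsServer:
    """Constructed: the user's resolver (empty database) forwarding to a server that knows the answers."""
    other = DnsServer("other-dns", {
        "www.google.com": "74.125.236.201",       # address used on the slide
        "www.good-website.com": "198.51.100.10",  # constructed (TEST-NET-2)
    })
    return DnsServer("my-dns", upstream=other)


def lookup_test(configured: DnsServer, trusted: DnsServer, hostname: str) -> bool:
    """The 'DNS lookup test': resolve one name through the resolver the machine is
    configured with and through a trusted resolver; True when the answers agree."""
    return configured.resolve(hostname, []) == trusted.resolve(hostname, [])


if __name__ == "__main__":
    trace: list[str] = []
    my_dns = build_legitimate_chain()
    ip = my_dns.resolve("www.Google.com", trace)
    for step, line in enumerate(trace, 1):
        print(step, line)
    print("client connects to", ip)
    print("reverse lookup:", ip, "->", my_dns.reverse(ip))

    rogue = RogueDnsServer("rogue-dns", "203.0.113.66")  # constructed (TEST-NET-3)
    print("lookup test via legitimate resolver:",
          lookup_test(build_legitimate_chain(), build_legitimate_chain(), "www.Good-Website.com"))
    print("lookup test via rogue resolver:",
          lookup_test(rogue, build_legitimate_chain(), "www.Good-Website.com"))
```

The trace printed by the first block is the five-step exchange of slide 5 in text form; the second half shows why the rogue server on slide 10 is dangerous even though the user's request looks normal: the only thing that changed is who answered. Comparing an answer against a resolver you trust is the idea behind the "DNS lookup test" mentioned in the summary.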
11. DNS Changer Malware
Identifications:
• Detection of this DNS Changer malware is made easy by some online websites. You just have to visit http://dns-ok.us/
• The slightly tricky method (which I found when I had this virus)
– Try to open the website of any famous antivirus company
– This virus will not allow you to open it.
– But all other websites will work superfine
– (Smart.. Yeah.. !!)
• For advanced users, a more technical method is explained on the next slide
12. DNS Changer Malware
Identifications (For Advanced Users):
• Go to the command prompt
• Execute – ipconfig /all
• Check the DNS Servers entry
• It has been observed that if the DNS server IP address falls within any of the following ranges, then the system is infected with this malware
From            To
77.67.83.1      77.67.83.254
85.255.112.1    85.255.127.254
67.210.0.1      67.210.15.254
93.188.160.1    93.188.167.254
213.109.64.1    213.109.79.254
64.28.176.1     64.28.191.254
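An added example (not from the original slides) that automates the check on this slide in Python: it pulls every DNS server out of `ipconfig /all` output, including the indented continuation lines that hold the second and later servers, and tests each against the six ranges listed above, treating the range bounds as inclusive. The ipconfig text embedded in the script is constructed sample output (192.0.2.53 stands in for the ISP's server; 85.255.112.36 is a constructed address inside the second range); on a real machine, pipe the live output in with `ipconfig /all | python check_dns.py`.

```python
"""Check the DNS servers reported by `ipconfig /all` against the rogue ranges on the slide.

Added example, not part of the original slides. The six ranges are the ones the
slide lists; the ipconfig output embedded below is constructed sample text so the
script runs offline.
"""
import ipaddress
import re
import sys

# Rogue DNS server ranges exactly as listed on the slide: (from, to), inclusive.
ROGUE_RANGES = [
    ("77.67.83.1", "77.67.83.254"),
    ("85.255.112.1", "85.255.127.254"),
    ("67.210.0.1", "67.210.15.254"),
    ("93.188.160.1", "93.188.167.254"),
    ("213.109.64.1", "213.109.79.254"),
    ("64.28.176.1", "64.28.191.254"),
]
_PARSED = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)) for lo, hi in ROGUE_RANGES]


def is_rogue(ip: str) -> bool:
    """True if the IPv4 address falls inside any listed range (bounds inclusive)."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False  # IPv6 or unparsable text: not covered by the slide's ranges
    return any(lo <= addr <= hi for lo, hi in _PARSED)


def dns_servers_from_ipconfig(text: str) -> list[str]:
    """Extract every DNS server address from `ipconfig /all` output.

    The first address sits on the 'DNS Servers . . . :' line; additional
    servers follow on indented continuation lines that hold only an address.
    """
    servers: list[str] = []
    in_dns_block = False
    for line in text.splitlines():
        head = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if head:
            servers.append(head.group(1))
            in_dns_block = True
            continue
        cont = re.match(r"\s+(\S+)\s*$", line) if in_dns_block else None
        if cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False  # any other line ends the DNS Servers block
    return servers


def check(text: str) -> dict[str, bool]:
    """Map each DNS server found in the output to whether it is in a rogue range."""
    return {ip: is_rogue(ip) for ip in dns_servers_from_ipconfig(text)}


# Constructed sample output: 192.0.2.53 stands in for the ISP's server (TEST-NET-1),
# 85.255.112.36 is a constructed address inside the slide's second range.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       85.255.112.36
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

if __name__ == "__main__":
    # Use live output when it is piped in, otherwise the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    results = check(text)
    for ip, rogue in results.items():
        print(f"{ip:<20} {'ROGUE RANGE' if rogue else 'ok'}")
    if any(results.values()):
        print("DNS server in a known rogue range: check for DNS Changer malware")
```

The continuation-line handling matters because the malware adds its server alongside the ISP's one (slide 9), so the rogue address is often the second entry and never appears on the "DNS Servers" line itself.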