Google Warns: Clean Your PC or Lose Internet Access

Google has embarked on a final campaign to warn the remaining half million PCs it estimates could still be infected with the DNS-Changer malware that they risk losing Internet connectivity on July 9. Starting this week, any users of Google's search tools who are detected redirecting to DNS-Changer's now substituted domains will be splashed the stark warning "Your computer appears to be infected" with an accompanying link offering remediation advice.

"While we expect to notify over 500,000 users within a week, we realize we won't reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices," said Google's warning. As many as half the users affected by DNS-Change do not speak English and had not reacted to warnings already issued by the FBI and others, Google believed.

DNS-Changer was the work of an Estonian criminal gang that recruited PCs into the bot without hindrance for several years until being busted by law enforcement Operation Ghost Click in November 2011. Once infected PCs all browser visits were redirected through the gang's own DNS servers, now kept alive by court direction simply to give infected users time to unhitch themselves from these machines. Estimates on infection vary but it is believed that at its peak DNS-Changer infected four million PCs, including sizable numbers inside large US companies. An original cut-off date of March 8 was extended to July 9 to allow more users to remove the malware. Given the widespread warnings issued by numerous companies over several months, it is likely that a significant number of users will not react in time. Google's latest campaign follows up on a similar one launched as long ago as last summer. Advice on dealing with DNS-Changer can be found from a number of sources but removing the re-dicrection might not be the end of a user's troubles - in recent times DNS-Changer infection was often accompanied by other forms of malware that will need to be dealt with separately.