On July 9th, this coming Monday it has been predicted that thousands of people will be affected by an obscure malware that had in the past targeted vulnerable DNS servers.
As background a DNS server helps your computer to map a website url (www.website.com) to a computer address called an IP address (22.214.171.124), because humans are better at remembering names of things instead of numbers. However IP address numbers tell your computer which network and which computer within that network to connect to while accessing the internet.
Read more in our earlier blog post on What is DNS?
Now imagine someone could mess with this low level infrastructure and reroute it to another address or worse to an invalid IP address that is not being used. This would effectively prevent you from accessing the internet or web address (URL) because your computer would not be able to find the corresponding IP address to find the network and computer you are requesting.
The good news is that this issue has been fixed the bad news is that the DNS server(s) that were compromised were left running so internet users still using them for routing would not go offline, effectively severing internet connectivity for those users. However the plan is to turn off and pull the plug on the affected DNS servers on July 9th.
To check if you will be affected by the DNSChanger the FBI has setup a tool to to do a DNS check where you can enter your DNS information to see if your DNS server has been compromised.
There is a also a DNSChanger malware visual guide (PDF) available to help explain what you are looking for to see if you have been already compromised.
Google had also started notifying users back in May if they determined you were using one of the affected DNSChanger DNS servers when you accessed their services. You would have seen a warning message displayed.