Google begins notifying users infected with DNS Changer

As the date set for the final shutdown of the infrastructure that keeps computers infected with the DNSChanger Trojan connected to the Internet is approaching at a fast pace, Google has decided to begin warning affected users that land on its search sites.

Google’s goal is to notify about half a million users whose computers and/or routers are infected by the malware, and to redirect them to pages where they can learn about the Trojan and how to remove it from their devices.

The warning has already begun appearing to infected users. It comes in different languages, and looks like this:

“Since the FBI and Estonian law enforcement arrested a group of people and transferred control of the rogue DNS servers to the Internet Systems Consortium in November 2011, various ISPs and other groups have attempted to alert victims,” Damian Menscher, a Google security engineer, explained.

“However, many of these campaigns have had limited success because they could not target the affected users, or did not appear in the user’s preferred language (only half the affected users speak English as their primary language). At the current disinfection rate hundreds of thousands of devices will still be infected when the court order expires on July 9th and the replacement DNS servers are shut down.”

Google is hoping that a warning from a trusted site such as Google and in the users’ native language might give better results. Still, Menscher says, the company does not give guarantees that their recommendations will always clean infected devices completely.

“Some users may need to seek additional help,” he concluded.