U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home
  2. About Us
  3. Site Links
  4. Archived
  5. News Archive
  6. DNSChanger Malware Blog Post

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

DNSChanger Malware Blog Post

Posted by Rand Beers, Under Secretary for the National Protection and Programs Directorate (NPPD)

Cybersecurity is a shared responsibility, and each of us has a role to play. Emerging cyber threats require the engagement of our entire society—from government and law enforcement to the private sector and most importantly, members of the public. Increasingly, we are seeing sophisticated and fast-paced cyber criminal activity, but in many cases, prevention of cyber crime starts at home. 

Recently, a cybercrime ring initiated a massive, sophisticated Internet fraud scheme in which it launched malicious software, or “malware,” known as DNSChanger (short for Domain Name System Changer). This malware infected more than four million computers in 100 countries and may have prevented users’ anti-virus software from working correctly, allowing the malware to take control of the computers’ domain name systems, resulting in interference with Web browsing. 

As of April 10, there were still more than 84,000 infected computers inside the United States, and it’s possible that many users may not even know they were infected.  At DHS, our computer forensics specialists and electronic crimes task forces regularly work with partners at the Federal Bureau of Investigation (FBI)  to create a safe, secure, and resilient cyber environment.  In this case, we have reached out to enable a private sector nonprofit – the Internet Services Corporation – to assist users whose computers have been infected by the DNSChanger malware by maintaining “clean” DNS servers that support safer Web browsing. These servers will allow those affected by the malware to clean their affected computers and restore their normal DNS settings. 

I encourage everyone to keep your operating system, browser, and other critical software optimized by installing updates.  And, you can assess your own computer’s susceptibility for the DNSChanger malware at the industry-wide DNSChanger Working Group website.  In fact, I just tested my computer at home – the process was simple, straight-forward, and only took a few minutes.

Please act now. The clean servers maintained by the private sector in coordination with the FBI will expire on July 9, 2012.  Internet users who have the DNSChanger malware and whose Internet Service Provider (ISP) has moved them to one of the clean servers, may not have access to the Internet after this date.  In order to maintain proper cyber hygiene, we should all take advantage of the DNSChanger Working Group website to redirect this malware before the July 9 deadline to avoid any disruption of services or the loss of your Internet connectivity.  

DHS is committed to ensuring cyberspace supports a secure and resilient infrastructure, enables innovation and prosperity, and protects privacy and other civil liberties by design, but we need everyone, including our industry partners and the general public to do their part. 

For additional information on DNSChanger, please visit www.dhs.gov/nccic.
Last Updated: 09/20/2018
Was this page helpful?
This page was not helpful because the content