DNSChanger

Malware details
Classification: Trojan horse
Family: DNSChanger
Isolation date: November 8, 2011
Origin: Estonia
Author: Rove Digital
Technical details
Platforms: Windows, OS X

DNSChanger is a DNS-hijacking trojan horse. Created by an Estonian company known as Rove Digital, the malware modified an infected computer's DNS entries to point toward its own rogue name servers, which then injected its own advertising into Web pages. At its peak, DNSChanger was estimated to have infected over four million computers, bringing in at least US$14 million in profits for its operator from fraudulent advertising revenue.

Both Windows and Mac OS X variants of DNSChanger were circulated, the latter taking the form of a related trojan known as RSPlug. The FBI raided the malicious servers on November 8, 2011, but kept the servers running until July 9, 2012, so that affected users would not lose Internet access.
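
A defender's check for the DNS-entry change described above, as an added example that is not part of the original article: it extracts the configured DNS servers from `ipconfig /all` (Windows) or `scutil --dns` (OS X) output and reports any that fall outside an approved list. The approved networks, function names and sample outputs are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: resolver networks this site has approved (constructed values).
APPROVED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]

SCUTIL = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")
IPCONFIG = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+(\S+)\s*$")  # extra servers listed under "DNS Servers"

# Constructed sample outputs (documentation address ranges), not captured data.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 10.1.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       10.1.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 192.0.2.10
  nameserver[1] : 198.51.100.7
"""


def configured_resolvers(text):
    """Return the DNS server addresses found in ipconfig or scutil output."""
    found, in_list = [], False
    for line in text.splitlines():
        m = SCUTIL.match(line) or IPCONFIG.match(line)
        if m:
            in_list = IPCONFIG.match(line) is not None
        elif in_list:
            m = CONTINUATION.match(line)
            in_list = m is not None
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1).split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue
        if addr not in found:
            found.append(addr)
    return found


def unapproved_resolvers(text, approved=APPROVED):
    """List configured resolvers that are outside every approved network."""
    return [str(a) for a in configured_resolvers(text)
            if not any(a.version == n.version and a in n for n in approved)]
```

Feed it the saved command output from each host; a non-empty result means the host resolves names through a server nobody approved and its DNS settings should be reviewed.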