In early November, authorities in Estoniaarrested six men suspected of using the Trojan to control more than four million computers in over 100 countries — including an estimated 500,000 in the United States.

-

To prevent the disruption of Internet traffic – and likely to monitor where DNSChanger traffic was coming from – the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aimed at the now-unplugged rogue servers, resulting in DNS errors.

-

But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.

-

Given the uncertainty of what the feds will decide, organizations and home users alike would be well served to tackle the problem now, whether than playing the ever-risky waiting game. Organizations can determine if they’re systems are infected with DNSChanger by contacting the DNS Changer Working Group.

Home users can check out the DCWG website for step-by-step instructions to determine if their systems are infected.

-

If feds pull down temporary DNS fix as planned, machines infected with DNSChanger Trojan won’t be able to access the Web