Malware is sometimes enabled by a rootkit, which is a type of software that can disguise what your computer is doing. Sometimes, it can even fool your anti-virus software. Once an attacker gains access to a compromised computer, they can perform just about any task you can, including changing settings.
Some may recall the 2005 scandal involving Sony BMG Music, which was accused of secretly including a rootkit in music player software that came with music CDs. The rootkit was designed to protect the copyright by limiting consumers' access to the CD, but it also amounted to a major security breach.
A nasty threat
While a rootkit is very hard to detect, it may be even harder to remove. In some cases it requires the replacement of hardware. Fortunately, rootkits are not as common as run-of-the-mill malware. In most cases, malware is used to direct your attention from what you are looking for and toward something that the attacker wants to sell.
To do this, malware often attacks and changes your DNS server settings. Internet addresses are not words, like ConsumerAffairs.com, but a series of numbers, punctuated by periods. DNS servers provide the translation from the name you typed into your browser's address line to the numbers, which identify the site's real address.
Hackers have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. Malware called DNSChanger performs that task. By using malware to change the user’s DNS server settings, the criminal can force the user to go to a different site than the one the user actually wants.
Last July the FBI found and disabled a number of rogue DNS servers operated by malware hackers. As a result, the consumers whose machines were infected with DNSChanger found their machines would no longer connect to the Internet.
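A defender's check for the DNS-setting change described above, as an added example that is not part of the original article: it reads the resolver entries from Unix-style resolv.conf text and flags any that fall outside the address ranges you expect. The expected ranges and the sample file are constructed placeholders in documentation address space, not DNSChanger indicators.

```python
import ipaddress

# Assumption: the resolvers this machine is supposed to use (constructed
# documentation ranges; replace with your ISP's or organisation's resolvers).
EXPECTED_RESOLVERS = ["192.0.2.0/28", "2001:db8:53::/48"]

# Constructed sample of a resolv.conf-style file after tampering.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.net
nameserver 192.0.2.5
nameserver 203.0.113.77   # not one of ours
nameserver 2001:db8:53::1
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        # Drop comments, which start with '#' or ';'.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return (ok, unexpected) lists; unparsable entries count as unexpected."""
    nets = [ipaddress.ip_network(n) for n in expected]
    ok, unexpected = [], []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            unexpected.append(raw)
            continue
        # Compare only against networks of the same IP version.
        if any(addr.version == n.version and addr in n for n in nets):
            ok.append(raw)
        else:
            unexpected.append(raw)
    return ok, unexpected

if __name__ == "__main__":
    ok, unexpected = audit_resolvers(SAMPLE_RESOLV_CONF)
    print("expected resolvers:", ok)
    print("unexpected resolvers (investigate):", unexpected)
```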
What to do