FBI Arrests Six, Looking for a Seventh re Google Redirect Virus

The FBI has arrested six people and is looking for a seventh person. The Google re-direct virus behavior was caused in part by what is called “rogue DNS servers” controlled by these individuals.

Information regarding the status of the investigation and other details can be found here: http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

as well as the source article on the CNET.com Security page here: http://news.cnet.com/8301-27080_3-57321844-245/seven-accused-in-$14-million-click-hijacking-scam/?tag=contentMain;contentBody (article by Elinor Mills, posted yesterday).

One vector for the attack is via routers or modems that use the manufacturer’s default passwords, thereby allowing these people and others to change the DNS servers used by the consumer from the default ISP to ones that these people control.

Strongly suggest changing default passwords in your modems and routers if you have not done so already.

For more information about what to do if you are infected, please visit and read the above article and .pdf document.

Hope that avast detects such malware attempts to change DNS servers.
Hope that people stay in jail.

The justice system should hand out very stiff sentences for people like this! One guy crashed Castle Cops & put them out of business. Think he only got 2 months in jail for this. I miss that site!

This is an update re the developing story above. See here: http://reviews.cnet.com/8301-13727_7-57322316-263/fbi-tackles-dnschanger-malware-scam/?tag=contentMain;contentBody Even though the subject matter is about the Mac OS, it is still relevant for all versions of Windows.

There are helpful links within this article that can help one determine whether they are infected with the DNSChanger Trojan, or if their router or modem has had the settings changed to other than default.

Avast!, as far as I know, detects this Trojan.

Interesting history: since 2007, this has been going on. :-\ :-\ :-\ 'Bout time this came to an end.

Not quite the reason CC shut down. While it’s true they suffered several DoS attacks, the biggest reason was economics: fewer participants, less traffic. In the months leading up to the shutdown they were doing fundraising (by donation) for new servers. Unfortunately the cost and time commitment of running the site was more than the owners could bear. All money raised for the new servers was refunded and the site closed. Their database was distributed and is still being used.

During the DoS attacks one individual was sentenced to 2 years.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9096278