Facebook warns of DNSChanger malware infection

Facebook has begun warning users whose computers are infected with the DNSChanger malware

Facebook has begun warning users whose computers are infected with the DNSChanger malware, a variant of the Zlob family of Trojans.

The malware is designed to tell the infected computer to use a rogue Domain Name System (DNS) server, which directs the browser to malicious websites instead of legitimate ones.

Facebook announced this week that it has joined the DNS Changer Working Group (DCWG) aimed at cleaning up the malware.

In 2011, an international group of law enforcement agencies arrested the group operating DNSChanger malware botnets.

"However, many computers impacted by the malware remain infected and are currently using interim systems to access the internet. Cleaning up the infected computers presents a challenge to the computer security industry," Facebook said in a blog post.

 "As a result of the arrests, all computers still infected with DNSChanger malware will no longer be able to access websites, e-mail, chat or social networking sites like Facebook, after July 9, 2012 when these temporary systems will be disabled," Facebook said.

The DNSChanger Working Group estimates that there are over 350,000 devices still infected with DNSChanger, out of the 4 million that were originally affected by the malware.

As a result of Facebook's work with the DCWG, the social networking site said it is now able to notify users likely to be infected with DNSChanger malware and direct them to instructions on how to clean their computer or networks.

Facebook's decision to notify users who have infected computers follows a similar decision by Google, which started alerting users of DNSChanger infections in May.

Read more on Privacy and data protection