Skip to Content

CIRA participates in development of online DNSChanger Malware Checker for Canadians

Ottawa, April 20, 2012 - The Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), has developed an online DNS Checker to screen users’ computers for the DNSChanger malware.

Recently, through Operation Ghost Click, the FBI uncovered an extensive cyber criminal activity, whereas millions of computers around the world were infected with malicious software without the knowledge of the user. The malware, called DNSChanger, affected the Domain Name System (DNS) configuration of the user's computer system. The DNS is the system that changes domain names into Internet Protocol (IP) addresses (for example, cira.ca=192.228.29.1. For more on how the DNS works you can visit http://youtu.be/2ZUxoi7YNgs). The malware infrastructure, which affected over 20,000 Canadian IP addresses, redirected unsuspecting user's to rogue DNS servers, allowing the cyber criminals to manipulate the user's web activity. Because of the complexity and sophistication of this malware, detection and removal is challenging without the help of an IT security professional.

Due to its experience in managing the DNS in Canada, CIRA was approached by Public Safety Canada to assist in developing a tool that allows Canadian Internet users to detect if their computer is affected by the DNSChanger malware.

The result of this collaboration with the Canadian Cyber Incident Response Centre (CCIRC) at Public Safety Canada and the CRTC is the DNSChanger Malware Checker, located at http://DNS-OK.ca/.

Once the user agrees to the Terms and Conditions, the DNS Checker will match the DNS Internet Protocol (IP) address employed by the user’s computer against the known Operation Ghost Click IP addresses. When completed, the user is greeted by either a green banner, which indicates that their computer is not infected with the malware, or a red banner, which indicates that their computer system may be infected with the malware. If the banner is red, the user is encouraged to consult the Public Safety Canada website that provides further information on detection and removal of the DNSChanger malware. For more information please visit http://www.publicsafety.gc.ca/prg/em/ccirc/2011/in11-002-eng.aspx.

 “This type of initiative really speaks to the collaborative nature of the Canadian Internet community, and the key role CIRA plays,” said CIRA’s president and CEO Byron Holland. “CIRA is committed to providing Canadian Internet users with a safe, secure and trusted online experience and this DNS Checker provides an important resource for Canadians to screen their computer for the DNSChanger malware”.

The DNSChanger Malware Checker does not screen for any other virus, malicious code or malware.

-30-

About CIRA
The Canadian Internet Registration Authority is the member-driven organization that manages Canada’s .CA domain name registry, develops and implements policies that support Canada’s Internet community, and represents the .CA registry internationally.

For more information, please contact:

Tanya O’Callaghan
Communications Manager, Canadian Internet Registration Authority
(613) 237-5335 ext. 262
tanya.ocallaghan@cira.ca