Malware Arrests by FBI
The arrest last week by the FBI of six Estonians for distribution of malware, though significant, is still only an indication of the far larger scope of malware. The Estonian crime ring was described as responsible for infecting four million computers globally and a half-million in the US alone since 2007 with DNSChanger malware that generated for them $14 million in illicit transactions.

DNSChanger is a type of malware called a Trojan Horse -- it changed the DNS settings on infected systems to point to rogue DNS servers that then redirected requests for legitimate sites to malicious sites that tried to steal personal and financial information. Even if no information was stolen, the redirects to fake URLs generated ad traffic income for the criminals. The Estonians began their infection campaign with Windows PCs and soon branched out to include Mac OS workstations and network routers. Legitimate DNS servers are the backbone of the Internet, directing users to the IP addresses behind the URLs of websites; rogue DNS servers can cause severe problems for all Internet users.
The FBI investigation, dubbed Operation Ghost Click, began in 2009 and culminated last week in the seizure of the hardware housing the rogue DNS servers and the arrest of the six criminals by Estonian legal authorities -- US authorities have begun extradition procedures. Because so many legitimate computers had been re-configured with the IP addresses of the fake DNS servers, authentic DNS servers with those same IP addresses were set up by the FBI to minimize the disruption for innocent computer users.
To aid those whose computers may have been maliciously re-configured, the FBI has set up a Rogue DNS Checker website to enable anyone to find out if they have been infected with this Trojan horse malware. First, you check the DNS settings of your own computer or router to see what IP addresses are being used to find DNS servers. Second, you manually enter each IP address on the secure FBI website to see if it is one of those set up for this rogue DNS infrastructure. If it is, you should contact your ISP or a local computer professional to find out what legitimate IP addresses should be used for finding DNS servers and how the DNSChanger malware can be removed.
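The two-step check described above can be scripted for a fleet of machines. The following is an added example, not code from the FBI or from this blog: it pulls the configured resolvers out of `resolv.conf` or `ipconfig /all` text and tests each against a list of CIDR ranges. The function names and sample inputs are constructed for illustration, and `ROGUE_RANGES` holds placeholder documentation networks because the article does not list the real rogue ranges.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNS ranges: the article does not list them. Substitute the published ones.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample inputs (not captured from real machines).
SAMPLE_RESOLV = "# constructed sample\nnameserver 192.0.2.53\nnameserver 203.0.113.10\n"
SAMPLE_IPCONFIG = (
    "   DHCP Enabled. . . . . . . . . . . : Yes\n"
    "   DNS Servers . . . . . . . . . . . : 198.51.100.7\n"
    "                                       198.51.100.200\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)


def extract_dns_servers(config_text):
    """Return IPv4 resolvers found in resolv.conf or `ipconfig /all` text."""
    servers, in_dns_block = [], False
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", ";")):
            continue  # resolv.conf comment
        if stripped.lower().startswith("nameserver"):
            candidates = IPV4_RE.findall(stripped)
        elif "DNS Servers" in line:
            in_dns_block = True
            candidates = IPV4_RE.findall(line)
        elif in_dns_block and stripped and " :" not in line:
            candidates = IPV4_RE.findall(line)  # continuation: extra resolver
        else:
            in_dns_block, candidates = False, []
        for text in candidates:
            try:
                servers.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # e.g. 999.1.1.1 is not a valid address
    return servers


def check_dns_settings(config_text, rogue_ranges=ROGUE_RANGES):
    """Map each configured resolver to True when it lies in a rogue range."""
    return {str(ip): any(ip in net for net in rogue_ranges)
            for ip in extract_dns_servers(config_text)}


if __name__ == "__main__":
    for sample in (SAMPLE_RESOLV, SAMPLE_IPCONFIG):
        for server, rogue in check_dns_settings(sample).items():
            print(f"{server}: {'ROGUE RANGE - contact your ISP' if rogue else 'not listed'}")
```

This covers IPv4 resolvers on the workstation only; DNS settings on the router still have to be read from its administration interface and checked the same way.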
Be aware that this version of DNSChanger is only one of many of the same type in action across the entire Internet. There are also many other types of malware that can cause significant damage to data centers and web hosting functions. Providers of hosting services should use this news as a way to educate their customers on the need to be vigilant and to inform customers of the availability of anti-malware solutions.