DNSChangeer (also known as RSPlug) and Qhost both have the same type of action – pushing adware to an infected machine. To achieve that, DNSChanger and Qhost was using a simple technique – either modifying the DNS configuration on the infected machine or modifying the host’s file to control what a user will view while surfing the net to push advertisements or redirect the user to different websites, Qhost was modifying the host file to do the same.In 2011 a wide operation of the FBI led to a takeover of the servers used by DNSChanger operator, since there was a concern that there are still many computers infected by this malware.The FBI temporary replaced the malicious servers so machines that were still infected wouldn’t lose internet access. The servers were officially shut down on 07/2012.
- DNSChanger Wikipedia
- FBI Operation Ghost Click takes out DNS Changer malware network operators
- DNSChanger F-SECURE LABS