Although we have been warning users for a few months now, Google will begin to warn users to its search engine if they are infected with the DNSChanger malware and a link to disinfection instructions.

The DNSChanger malware switches the DNS server for another one, that intentionally answers the user's DNS queries with the incorrect IP address. When users tried to navigate to particular sites, those addresses were used to bring up manipulated versions in which the advertisements had been replaced.

Although the FBI seized the control of the malicious DNS servers, Google estimates that more than 500,000 users are still infected. It does not mention how they came up with that number. Users may still be unaware that they are infected as the servers under the FBI control will give them correct IP addresses. But that will only last until July 9th, when the court order expires. Anyone who has not realized that their system is infected and changed the DNS server by then will no longer be able to access the internet.

Google's plan makes sense, since the search engine is one of the most popular web sites, making it highly likely that a majority of the affected users will visit it by 9 July. Previously, users who wanted to check whether their system was using one of the DNSChanger servers had to be proactive and conduct an online check, for example at dnschanger.eu, which also includes disinfection instructions.