The malware was part of a scam that came to light last November when the U.S. Department of Justice accused seven Estonian and Russian men of orchestrating several different kinds of Internet fraud schemes. Users were infected with DNSChanger after they clicked malicious links or downloaded tainted software.
The malware sent infected computers to DNS servers that redirected millions of victims to websites they had never intended to visit.
Once the faulty DNS servers were discovered, a non-profit called the Internet Systems Consortium replaced the servers with the help of a court order. Paul Vixie, founder of the ISC, estimated that 500,000 devices were still connecting to the temporary servers. When the court order expires on July 9th, those temporary servers will be shut down, leaving hundreds of thousands without Internet access, since their Web page requests will no longer be translated by a DNS server.
ISPs have reportedly tried to alert victims, but their success has been negligible, in large part (according to Google) because notifications are usually in English, and only half of the affected users speak English as a primary language. Google says it will try to notify the victims within a week in their preferred language (or the language they use with Google’s products) and provide some recommendations for cleaning the devices and restoring them to proper DNS servers.