Nuke the box: Push underway to clean up 300,000 PCs with DNS virus

24.04.2012

The group's website refers visitors to www.dns-ok.us where a check is run on the machine that is connecting. But the results aren't conclusive.

After running the check, the site pops up this notice: "Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please visit the FBI's website at: http://www.fbi.gov/news/stories/2011/november/malware_110911"

The FBI site doesn't offer any more information about detecting whether machines are infected, but does refer back to www.dcwg.org.

Greene says that the check for infection requires no software download to the machine being tested. Instead, the machine sends a DNS query to a site set up by the testers, who look at the DNS record on the query to see whether it came from one of the special Internet Systems Consortium servers. If so, that's an indication the computer is infected.

If a victim's ISP has set up its own DNS servers to handle requests from infected machines, the test site will consider that a legitimate DNS source and conclude that the machine is not infected.
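The two paragraphs above describe a server-side check (the test site infers infection from which recursive resolver relayed the query) and its blind spot (an ISP that intercepts DNS makes every query look like it came from a legitimate resolver). The following is an added example, not code from the article, the FBI, DCWG or ISC, that simulates both the server-side verdict and a host-side check of the configured resolver over a constructed query log. The address ranges are placeholders (documentation ranges), standing in for the real replacement-resolver ranges, which the page does not list; the resolv.conf text is constructed as well.

```python
"""Simulation of the DNSChanger test-site logic and of a host-side fallback check.

Added example, not code from the article or from DCWG/ISC.  The address ranges
below are constructed placeholders; a real deployment would substitute the
published replacement-resolver ranges.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# PLACEHOLDER (constructed): range standing in for the ISC replacement resolvers
# that took over the seized rogue DNS addresses.  TEST-NET-1 is used so that
# nothing here points at a real resolver.
ISC_REPLACEMENT_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]


def in_ranges(ip: str, ranges: Iterable[ipaddress.IPv4Network]) -> bool:
    """True when `ip` falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def classify_query(resolver_src_ip: str) -> str:
    """Verdict the test site can give from the resolver that forwarded the query.

    The test site never sees the victim's host directly; it only sees the
    recursive resolver that relayed the lookup of the test hostname.
    """
    if in_ranges(resolver_src_ip, ISC_REPLACEMENT_RESOLVERS):
        return "infected"     # relayed by a replacement (formerly rogue) resolver
    return "not-detected"     # any other resolver looks legitimate to the test site


# Constructed query log: (host label, resolver configured on the host,
# resolver source address as seen by the test site).
CONSTRUCTED_LOG: List[Tuple[str, str, str]] = [
    # Clean host: uses its ISP's resolver (TEST-NET-2, constructed) directly.
    ("clean-host", "198.51.100.7", "198.51.100.7"),
    # Infected host: its config still points at a replacement resolver.
    ("infected-host", "192.0.2.42", "192.0.2.42"),
    # Infected host behind an ISP that redirects port 53 to its own resolver:
    # the test site sees the ISP resolver and cannot tell it apart from a clean host.
    ("infected-behind-intercept", "192.0.2.42", "198.51.100.7"),
]


def server_side_verdicts(log=CONSTRUCTED_LOG) -> Dict[str, str]:
    """What www.dns-ok.us-style logic concludes from the relaying resolver alone."""
    return {label: classify_query(seen) for label, _cfg, seen in log}


def parse_resolv_conf(text: str) -> List[str]:
    """Extract nameserver addresses from resolv.conf-style text (host-side check input)."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def local_config_check(configured_resolver: str) -> str:
    """Host-side check: inspect the resolver the machine itself is configured to use.

    This does not depend on what the ISP does with the traffic, so it catches the
    intercepted case that the server-side check misses.
    """
    if in_ranges(configured_resolver, ISC_REPLACEMENT_RESOLVERS):
        return "infected"
    return "not-detected"


def combined_verdicts(log=CONSTRUCTED_LOG) -> Dict[str, str]:
    """Server-side verdict, backed by the host-side check when the server sees nothing."""
    out = {}
    for label, cfg, seen in log:
        verdict = classify_query(seen)
        if verdict == "not-detected":
            verdict = local_config_check(cfg)
        out[label] = verdict
    return out


if __name__ == "__main__":
    # Constructed resolv.conf content for the host-side check.
    sample_resolv = "search example.invalid\nnameserver 192.0.2.42\n"
    print("configured resolvers:", parse_resolv_conf(sample_resolv))
    print("server-side only:", server_side_verdicts())
    print("server-side + host-side:", combined_verdicts())
```

Running it shows the third host as "not-detected" by the server-side logic alone and as "infected" once the configured resolver is inspected, which is exactly the gap the article describes for ISPs that redirect DNS traffic.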