[3] Both Windows and Mac OS X variants of DNSChanger were circulated, the latter taking the form of a related Trojan known as RSPlug.
[6] On October 1, 2011, as part of Operation Ghost Click (a collaborative investigation into the operation), the United States Attorney for the Southern District of New York announced charges against six Estonian nationals and one Russian national connected to DNSChanger and Rove Digital for wire fraud, computer intrusion, and conspiracy.
[6] Estonian authorities made arrests, and the FBI seized servers connected to the malware located in the United States.
[7] While the court order was set to expire on March 8, 2012, an extension was granted until July 9, 2012, due to concerns that there were still many infected computers.
These included online tools that could check for the presence of DNSChanger, while Google and Facebook provided notifications to visitors of their respective services who were still affected by the malware.