Trojan.Win32.DNSChanger is a backdoor trojan that redirects users to various malicious websites through the means of altering the DNS settings of a victim's computer.
[2] DNS changer trojans are dropped onto infected systems by other means of malicious software, such as TDSS or Koobface.
Therefore, it performs several actions on behalf of the attacker within a compromised computer, such as changing the DNS settings in order to divert traffic to unsolicited, and potentially illegal and/or malicious domains.
The user's browsing activity is manipulated through various means of modification (such as altering the destination of a legitimate link to then be forwarded to another site), allowing the attackers to generate revenue from pay-per-click online advertising schemes.
As a result of this change, the victim's device would contact the newly assigned DNS server to resolve names of malicious webservers.