An Introduction to DNS Hijacking

October 2, 2015 | Views: 14065


Hello Readers…

DNS Hijacking (sometimes referred to as DNS Redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it to a rogue DNS server, invalidating the default DNS settings. When an attacker takes control of a computer to alter its DNS settings, the system has been DNS Hijacked.

The “Domain Name System (DNS)” is mainly responsible for translating a user-friendly domain name such as “google.com” to its corresponding IP address, such as “74.125.235.46”. Having a clear idea of DNS and how it works will help you better understand what DNS Hijacking is all about.


How does DNS Hijacking Work?

As mentioned above, DNS is responsible for mapping user-friendly domain names to their corresponding IP addresses. DNS servers are owned and maintained by your Internet service provider (ISP) and by many other private organizations. By default, your computer is configured to use your ISP's DNS server. Your computer may instead be using the DNS services of another reputable organization such as Google. You are supposed to be safe, and everything seems to work normally.

But imagine a situation where an attacker or a malware program gains unauthorized access to your computer and changes its DNS settings. Your computer now uses a rogue DNS server that is owned and maintained by the attacker. When this happens, the rogue DNS server may translate the domain names of desirable websites (banks, search engines, social networking sites, etc.) to the IP addresses of malicious websites. When you type a website's URL in the address bar, you may be taken to a fake website instead of the one you intended. This can mean deep trouble!


What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking vary depending on the intention behind the attack. Many ISPs and DNS providers, such as “OpenDNS” and “Comcast”, use DNS hijacking to introduce advertisements or collect statistics. Even though this causes no serious damage to users, it is considered a violation of the RFC standards for DNS responses.

Dangerous DNS Hijacking includes:

  • Pharming: This is where a website's traffic is redirected to another, fake website. For example, when a user tries to visit a social networking website such as Facebook.com, he/she is redirected to another website that is filled with pop-ups and advertisements. Attackers often do this to generate advertising revenue.
  • Phishing: This is where users are redirected to a malicious website whose design (look and feel) exactly matches that of the original. For example, when a user tries to log in to his bank account, he/she is redirected to a malicious website that steals his login details.


How can DNS Hijacking be prevented?

In most cases, attackers use malware programs such as a Trojan horse to carry out a DNS Hijacking. DNS Hijacking Trojans are often distributed as video and audio codecs, video downloaders, YouTube downloaders or as other free utilities.

To stay protected, avoid untrusted websites that offer free downloads. The DNSChanger Trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.

Also, remember to change the default password of your router, so that attackers are less likely to modify your router settings using the factory-set password. For more details on this topic you can read my other post on “How to Hack Ethernet ADSL Router.”

Installing and maintaining a good antivirus program can offer a great deal of protection against any such attacks.


What if you’re already the victim of DNS Hijacking?

If you suspect your computer is infected with a malware program such as DNSChanger, don't panic. It is fairly simple to recover from the damage caused by such programs. Verify your current DNS settings to make sure that you are not using any DNS server IPs that have been blacklisted as rogue. If you are, re-configure your DNS settings as per the guidelines of your ISP.
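As an added example (not part of the original post), the following Python script performs the check described above on a Linux-style resolv.conf: it extracts the configured nameservers and flags any that fall in a blocklisted range or are not among your expected resolvers. The resolv.conf contents, the expected resolver set and the rogue range are all constructed placeholder values; substitute your ISP's real resolvers and a published blocklist.

```python
"""Check configured DNS resolvers against an allowlist and a blocklist of rogue ranges."""
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed sample of /etc/resolv.conf as a hijacked machine might show it
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 192.0.2.53
nameserver 203.0.113.77
nameserver not-an-ip
"""

# Placeholder values: replace with your ISP's or organisation's real resolvers
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Placeholder rogue range; use a published blocklist (e.g. the DNSChanger ranges) in practice
ROGUE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_nameservers(resolv_conf: str) -> List[str]:
    """Return nameserver IPs from resolv.conf text, ignoring comments and malformed lines."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            servers.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # skip entries that are not valid IPv4/IPv6 addresses
    return servers


def check_resolvers(servers: Iterable[str], expected=EXPECTED_RESOLVERS,
                    rogue=ROGUE_RANGES) -> Dict[str, str]:
    """Classify each resolver as 'ok', 'rogue' (in a blocklisted range) or 'unexpected'."""
    verdicts = {}
    for s in servers:
        addr = ipaddress.ip_address(s)
        if any(addr in net for net in rogue):
            verdicts[s] = "rogue"
        elif s in expected:
            verdicts[s] = "ok"
        else:
            verdicts[s] = "unexpected"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in check_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)).items():
        print(f"{ip}: {verdict}")
```

Any resolver reported as "rogue" or "unexpected" is a signal to reset the DNS settings (on the computer and on the router) to the values your ISP provides.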


Thanks and please post your comments/questions below.

56 Comments
  1. Thanks for the info!
