Hello Readers...DNS Hijacking
(sometimes referred to as DNS Redirection
) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it to a rogue DNS server, invalidating the default DNS settings. When an attacker takes control of a computer to alter its DNS settings, the system has been DNS Hijacked.The “Domain Name System (DNS)” is mainly responsible for translating a user friendly domain name such as “google.com
” to its corresponding IP address “188.8.131.52″. Having a clear idea of DNS and its workings will help you better understand what DNS Hijacking is all about. How does DNS Hijacking Work?
As mentioned above, DNS is responsible for mapping the user-friendly domain names to their corresponding IP addresses. The DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. Your computer may even be using the DNS services of other reputed organizations like Google. You're purported to be safe and everything seems to work normally.But, imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings. Your computer now uses one of the rogue DNS servers that's owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. When you type a website's URL in the address bar, you may be taken to a fake website instead of the one you were intending. This could be deep trouble! What are the Dangers of DNS Hijacking?
The dangers of DNS hijacking can vary depending on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this can cause no serious damage to the users, it's considered as a violation of RFC standards for DNS responses.Dangerous DNS Hijacking includes:
How can DNS Hijacking be prevented?
- Pharming: This is where a website’s traffic is redirected to another website that's fake. For example, when a user tries to visit a social networking website such as Facebook.com, he/she would be redirected another website that's filled with pop-ups and advertisements. This is often done by hackers to generate advertising revenue.
- Phishing: This is where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log in to his bank account, he/she would be redirected to a malicious website that steals his login details.
In most cases, attackers use malware programs such as a Trojan horse to carry out a DNS Hijacking. DNS Hijacking Trojans are often distributed as video and audio codecs, video downloaders, YouTube downloaders or as other free utilities.To stay protected, avoid untrusted websites that offer free downloads. The DNSChanger Trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.Also, remember to change the default password of your router, so hackers would be less likely to modify your router settings using the factory set password. For more details on this topic you can read my other post on "How to Hack Ethernet ADSL Router."Installing and maintaining a good antivirus program can offer a great deal of protection against any such attacks. What if you're already the victim of DNS Hijacking?
If you suspect your computer is infected with a malware program such as DNSChanger, don't panic. It is fairly simple and easy to recover from the damage caused by such programs. Verify your current DNS settings to make sure that you are not using any of those DNS IPs that are blacklisted. Otherwise re-configure your DNS settings as per the guidelines of your ISP. Thanks and please post your comments/questions below.