DNS hijacking (sometimes referred to as DNS redirection)
is a type of malicious attack that overrides a computer’s TCP/IP
settings to point it at a rogue DNS server, thereby invalidating the
default DNS settings. In other words, when an attacker takes control of a
computer to alter its DNS settings, so that it now points to a rogue
DNS server, the process is referred to as DNS hijacking.
As we all know, the “Domain Name System
(DNS)” is mainly responsible for translating a user friendly domain name
such as “google.com” to its corresponding IP address “74.125.235.46″.
Having a clear idea of DNS and its working can help you better
understand what DNS hijacking is all about.
How DNS Hijacking Works?
As mentioned before, DNS is the one that
is responsible for mapping the user friendly domain names to their
corresponding IP addresses. This DNS server is owned and maintained by
your Internet service provider (ISP) and many other private business
organizations. By default, your computer is configured to use the DNS
server from the ISP. In some cases, your computer may even be using the
DNS services of other reputed organizations such as Google. In this
case, you are said to be safe and everything seems to work normally.
But, imagine a situation where a hacker
or a malware program gains unauthorized access to your computer and
changes the DNS settings, so that your computer now uses one of the
rogue DNS servers that is owned and maintained by the hacker.
When this
happens, the rogue DNS server may translate domain names of desirable
websites (such as banks, search engines, social networking sites etc.)
to IP addresses of malicious websites. As a result, when you type the
URL of a website in the address bar, you may be taken to a fake website
instead of the one you are intending for. Sometimes, this can put you in
deep trouble!
What are the Dangers of DNS Hijacking?
The dangers of DNS hijacking can vary
and depend on the intention behind the attack. Many ISPs such as
“OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements
or collecting statistics. Even though this can cause no serious damage
to the users, it is considered as a violation of RFC standards for DNS responses.
Other dangers of DNS hijacking include the following attacks:
Pharming: This is a
kind of attack where a website’s traffic is redirected to another
website that is a fake one. For example, when a user tries to visit a
social networking website such as Facebook.com he may be redirected to
another website that is filled with pop-ups and advertisements. This is
often done by hackers in order to generate advertising revenue.
Phishing: This is a
kind of attack where users are redirected to a malicious website whose
design (look and feel) matches exactly with that of the original one.
For example, when a user tries to log in to his bank account, he may be
redirected to a malicious website that steals his login details.
How to Prevent DNS Hijacking?
In most cases, attackers make use of
malware programs such as a trojan horse to carry out DNS hijacking.
These DNS hijacking trojans are often distributed as video and audio
codecs, video downloaders, YoTube downloaders or as other free
utilities. So, in order to stay protected, it is recommended to stay
away from untrusted websites that offer free downloads. The DNSChanger
trojan is an example of one such malware that hijacked the DNS settings
of over 4 million computers to drive a profit of about 14 million USD
through fraudulent advertising revenue.
Also, it is necessary to change the
default password of your router, so that it would not be possible for
the attacker to modify your router settings using the default password
that came with the factory setting.
Installing a good antivirus program and
keeping it up-to-date can offer a great deal of protection to your
computer against any such attacks.
What if you are already a victim of DNS hijacking?
If you suspect that your computer is
infected with a malware program such as DNSChanger, you need not panic.
It is fairly simple and easy to recover from the damage caused by such
programs. All you have to do is, just verify your current DNS
settings to make sure that you are not using any of those DNS IPs that
are blacklisted. Otherwise re-configure your DNS settings as per the
guidelines of your ISP.
No comments:
Post a Comment