Domain Name System (DNS) hijacking, also called DNS redirection, is a malicious attack that takes over the TCP/IP settings of a computer and points it at a rogue DNS server. This redirection overrides the default DNS settings. In simple terms, DNS hijacking is the process by which an attacker takes control of a computer's name resolution by changing its DNS settings so that lookups are sent to a rogue DNS server.
It is commonly understood that DNS is what translates a user-friendly domain name, for instance google.com, to its corresponding IP address, such as 188.8.131.52. To get a clear understanding of what DNS hijacking entails, begin by understanding what DNS is and how it works. If the concept of DNS is still unfamiliar to you, visit my previous post, How Domain Name System Works.
How DNS Hijacking Works
As mentioned at the beginning, DNS is in charge of translating domain names to their equivalent IP addresses. Your Internet service provider (ISP), as well as other privately owned businesses, own and operate DNS servers. Typically, your computer is configured to use the DNS server of your ISP. Do not be surprised if your computer is at times using the DNS service of a reputable organization such as Google. If this is the case, you are safe and everything works normally.
But what if an attacker or a malware program gets unauthorized access to the computer and alters those settings? Your computer will then use a rogue DNS server owned and controlled by the attacker. Once the attacker is in control, the rogue DNS server can map the domain names of target websites (for instance banks, search engines or social networking sites) to the IP addresses of harmful websites. So whenever you type or paste the URL of a website into the address bar, you are directed to a fake site and not the genuine one you intended to visit. This can be a real problem for you!
How dangerous is DNS Hijacking?
The damage caused by DNS hijacking depends on the motive of the attacker. For instance, most ISPs, including OpenDNS and Comcast, rely on DNS hijacking to serve advertisements or collect consumer data. This does no serious harm to users; however, it is a serious violation of the rules the DNS RFCs set for responses.
There are other risks associated with DNS hijacking including:
- Pharming: This involves hacking into a website to channel its traffic to another, fake website. Take for example trying to follow a link to Facebook.com and being directed to another website full of pop-ups and advertisements. Mostly these are attackers trying to earn advertising revenue.
- Phishing: This involves redirecting users to a malicious site whose design, graphics and usability mimic the original site. For instance, a user can be directed to a malicious website when logging in to a bank account, allowing the attackers to capture the login details.
How to Avert DNS Hijacking
Trojan horse malware is the tool most attackers use for DNS hijacking. Attackers distribute these Trojans disguised as videos, audio codecs, video downloaders, YouTube downloaders and other free applications. For your own protection, it is advisable to stay away from untrusted websites offering free downloads. One of the most famous DNS hijacking incidents using a malware program was the DNS Changer Trojan, which took over the DNS settings of more than 4 million computers to generate about $14 million in profit from sham advertising.
Change your router's default password to prevent attackers from changing the router settings by using the factory-default password. You can get extensive information on this topic by revisiting my post, How to Hack an Ethernet ADSL Router.
Install a reputable antivirus program and update it often to ensure around-the-clock protection against malicious attacks.
What happens when I fall victim to DNS hijacking?
Do not panic if you suspect that you have been attacked using a malware program like DNSChanger. The recovery process is simple and straightforward. You just need to verify your current DNS settings to make sure that you are not using blacklisted DNS IPs. Alternatively, you can reconfigure the DNS server settings by following your ISP's guidelines.
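The check described above (confirming that the resolvers a machine is configured to use are the ones you expect and not addresses on a rogue list) can be automated. The following Python script is an added example and is not code from the original post or from any product named in it. It parses two common places where resolver settings show up, /etc/resolv.conf on Linux and the output of `ipconfig /all` on Windows, and classifies each nameserver. The sample file contents, the expected-resolver set and the rogue range (203.0.113.0/24, a documentation range used as a stand-in) are all constructed placeholders; in practice you would load the rogue ranges from the list published with the relevant takedown advisory.

```python
"""Audit configured DNS resolvers against expected and known-rogue lists."""
import ipaddress
import re

# Constructed sample: a /etc/resolv.conf as it might look on a hijacked host.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 8.8.8.8
nameserver 203.0.113.53
options timeout:2
"""

# Constructed sample: a fragment of `ipconfig /all` output on Windows.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the host should use the LAN gateway (ISP resolver) or Google
# Public DNS. Replace with the resolvers your own environment hands out.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# Placeholder for rogue resolver ranges taken from a takedown advisory.
# 203.0.113.0/24 is a documentation range standing in for the real list.
ROGUE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_resolv_conf(text):
    """Return the nameserver IPs from resolv.conf-style text, in file order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments and whitespace
        if line.startswith("nameserver"):
            parts = line.split()
            if len(parts) >= 2:
                servers.append(parts[1])
    return servers


def parse_ipconfig(text):
    """Return the DNS server IPs from `ipconfig /all` output.

    The first server sits on the 'DNS Servers' line; additional servers are
    printed on continuation lines that contain only an address.
    """
    servers = []
    in_dns_block = False
    for line in text.splitlines():
        match = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if match:
            servers.append(match.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            candidate = line.strip()
            if candidate and re.fullmatch(r"[0-9A-Fa-f.:%]+", candidate):
                servers.append(candidate)
                continue
            in_dns_block = False  # any other line ends the DNS block
    return servers


def classify(servers, expected=EXPECTED_RESOLVERS, rogue=ROGUE_RANGES):
    """Map each configured server to 'expected', 'known-rogue', 'unexpected' or 'invalid'."""
    verdicts = {}
    for server in servers:
        try:
            # Drop an IPv6 zone index such as %12 before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            verdicts[server] = "invalid"
            continue
        if str(addr) in expected:
            verdicts[server] = "expected"
        elif any(addr in net for net in rogue):
            verdicts[server] = "known-rogue"
        else:
            verdicts[server] = "unexpected"
    return verdicts


def is_hijacked(verdicts):
    """True if any configured resolver is rogue or simply not one we expect."""
    return any(v in ("known-rogue", "unexpected") for v in verdicts.values())


if __name__ == "__main__":
    for label, servers in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                           ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        verdicts = classify(servers)
        print(label, verdicts, "HIJACKED" if is_hijacked(verdicts) else "ok")
```

Treating an unknown resolver as a finding, not just one on the rogue list, is deliberate: a fresh rogue server will not be on any blocklist yet, so the safer rule is to alert on anything that is not the resolver you expect and then confirm it with your ISP's documentation.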
We hope that you will be able to protect yourself from DNS Hijacking using the information we’ve presented to you in this post.