Guide | How To DNS hijacking explanation


LabZero

Thread author
Hello

General introduction

DNS hijacking (often also called DNS redirection) is a type of attack that replaces the TCP/IP configuration of a computer so that it points to a malicious DNS server, thus overriding the basic DNS configuration. In other words, when an attacker takes control of a computer and alters its DNS settings to point to a malicious DNS server, we talk about DNS hijacking.

As we all know (or maybe not everyone :D), DNS (Domain Name System) translates the domain name of a website into its corresponding IP address. (Example: we browse to www.google.it (.com), and DNS routes us to the corresponding IP 216.58.209.99.) If you need to delve into what DNS is: https://en.wikipedia.org/wiki/Domain_Name_System

How does DNS Hijacking work?

Each DNS server is maintained and owned by your ISP (Internet Service Provider) or by other private organizations. Normally, a computer is configured to use the DNS servers of your ISP. In some cases you may use the DNS servers of some important organizations such as Google or OpenDNS. In these cases you can stay safe and work normally.

But now imagine a situation where a hacker or malware has obtained unauthorized access to your PC and changed the DNS configuration, so that your computer uses a malicious DNS server maintained and managed by the attacker. When this happens, the malicious DNS server might translate the domain names of "desirable" sites (banks, social networks, etc.) into the IPs of malicious sites. As a result, when you type the URL of the site, you could be taken to a phishing page or something else. (Example: you type www.google.it (.com) and, instead of being brought to the legitimate IP 216.58.209.99, you are redirected to a site where there is a fake login.)

What are some dangers of DNS Hijacking?

The dangers of DNS Hijacking are many and can depend on the attacker's intentions. Many ISPs use DNS hijacking in order to introduce commercials or obtain statistics. Although this does not cause any kind of problem for the user, it is regarded as a violation of the RFC terms for DNS answers.

Other dangers of DNS Hijacking might be the following attacks:

Pharming: This is a type of attack where a website's traffic is redirected to another (obviously false) website. For example, when a user tries to visit a social network such as Facebook.com, he could be redirected to another website filled with pop-ups and advertisements. This technique is often used by hackers in order to generate traffic on their advertising.

Phishing: This is a type of attack where the user is redirected to a malicious site whose design (appearance and functions) exactly resembles the original. For example, when a user tries to access his bank account, he may be redirected to a website that is designed to steal login credentials.

How to prevent DNS Hijacking attacks?

In many cases, the attacker could use malware such as trojans to carry out DNS Hijacking. These trojans are often obtained through programs that offer for free things that usually cost a fee, or through other tricks. Therefore, in order to be protected, it is advisable to stay away from this kind of software. An example of malware that changes the DNS is DNSChanger, which infected and changed the DNS settings of about 4 million computers to achieve a profit of about 14 million dollars (USD) through advertising.

In addition, you must change the password used to log in to your router; this makes it impossible for the attacker to change the settings of the router.

How to proceed if you are a victim of DNS Hijacking?

If you suspect that your computer is infected with malware like DNSChanger, don't be scared. It's very simple to fix the damage caused by this kind of program. All you need to do is verify your settings.

Regards :)
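
One way to do the settings check the guide ends on, as an added example that is not part of the original post: it parses the text of Windows `ipconfig /all` and reports any adapter whose DNS servers are not on a list you trust. The function names, the trusted list (Google and OpenDNS public resolvers plus an assumed home router at 192.168.1.1) and the sample output are assumptions made for illustration.

```python
import ipaddress

# Expected resolvers: Google and OpenDNS public DNS, plus 192.168.1.1 as an
# assumed home router that forwards to the ISP. Adjust to your own network.
TRUSTED = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220", "192.168.1.1"}

# Constructed sample of `ipconfig /all` output (203.0.113.x is a documentation range).
SAMPLE = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8
"""

def _ip(text):
    """Return text as a normalized IP string, or None if it is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, collecting = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, collecting = line.rstrip()[:-1], False  # new adapter section
            adapters[current] = []
        elif current and " : " in line:
            label, value = line.split(" : ", 1)
            collecting = label.strip().startswith("DNS Servers")
            if collecting and _ip(value):
                adapters[current].append(_ip(value))
        elif current and collecting and _ip(line):
            adapters[current].append(_ip(line))  # unlabelled continuation line
    return adapters

def unexpected_resolvers(ipconfig_text, trusted=TRUSTED):
    """Return {adapter: [resolvers not in the trusted set]}; empty means all expected."""
    found = {a: [s for s in servers if s not in trusted]
             for a, servers in dns_servers(ipconfig_text).items()}
    return {a: bad for a, bad in found.items() if bad}
```

Calling `unexpected_resolvers(SAMPLE)` flags only the Ethernet adapter. A statically configured resolver you did not set yourself (DHCP disabled, unfamiliar address) is the pattern to look at first, and the router's own DNS setting should be checked the same way.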
 