
DNS Hijacking: What it is and How it Works

Post  slowdeath on Wed Feb 20, 2013 5:23 pm

DNS hijacking (sometimes referred to as DNS redirection)
is a type of malicious attack that overrides a computer’s TCP/IP
settings to point it at a rogue DNS server, thereby invalidating the
default DNS settings. In other words, when an attacker takes control of a
computer to alter its DNS settings so that it now points to a rogue DNS
server, the process is referred to as DNS hijacking.

As we all know, the “Domain Name System (DNS)” is mainly responsible for
translating a user friendly domain name such as “” to its
corresponding IP address “″. Having a clear idea of DNS and
its working can help you better understand what DNS hijacking is
all about. If you are fairly new to the concept of DNS, I would
recommend reading my previous post on How Domain Name System Works.

How Does DNS Hijacking Work?

As mentioned before, DNS is the one that is responsible for mapping the
user friendly domain names to their corresponding IP addresses. This DNS
server is owned and maintained by your Internet service provider (ISP)
and many other private business organizations. By default, your computer
is configured to use the DNS server from the ISP. In some cases, your
computer may even be using the DNS services of other reputed
organizations such as Google. In this case, you are said to be safe and
everything seems to work normally.

But, imagine a situation where a hacker or a malware program gains
unauthorized access to your computer and changes the DNS settings, so
that your computer now uses one of the rogue DNS servers that is owned
and maintained by the hacker. When this happens, the rogue DNS server
may translate domain names of desirable websites (such as banks, search
engines, social networking sites etc.) to IP addresses of malicious
websites. As a result, when you type the URL of a website in the address
bar, you may be taken to a fake website instead of the one you
intended to visit. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking can vary and depend on the intention behind
the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking
for introducing advertisements or collecting statistics. Even though
this can cause no serious damage to the users, it is considered a
violation of RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another
website that is a fake one. For example, when a user tries to visit a
social networking website such as he may be redirected to
another website that is filled with pop-ups and advertisements. This is
often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website
whose design (look and feel) matches exactly with that of the original
one. For example, when a user tries to log in to his bank account, he
may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan
horse to carry out DNS hijacking. These DNS hacking trojans are often
distributed as video and audio codecs, video downloaders, YouTube
downloaders or as other free utilities. So, in order to stay protected,
it is recommended to stay away from untrusted websites that offer free
downloads. The DNSChanger trojan is an example of one such malware that
hijacked the DNS settings of over 4 million computers to drive a profit
of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router so
that it would not be possible for the attacker to modify your router
settings using the default password that came with the factory setting.
For more details on this topic you can read my other post on How to hack
an Ethernet ADSL Router.

Installing a good antivirus program and keeping it up-to-date can offer a
great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program
such as DNSChanger, you need not panic. It is fairly simple and easy to
recover from the damage caused by such programs. All you have to do is
verify your current DNS settings to make sure that you are not
using any of those DNS IPs that are blacklisted. Otherwise re-configure
your DNS settings as per the guidelines of your ISP.


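Added example, not part of the original post: one way to carry out the "verify your current DNS settings" step described above, by parsing resolv.conf-style text and comparing each configured resolver with a blocklist and with the resolvers you expect. The blocklist ranges, the expected resolvers and the sample file are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder blocklist using RFC 5737 documentation ranges.
# Replace with the ranges published for the malware you are checking for.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Assumption: the resolvers this machine is supposed to use (router, ISP, Google).
EXPECTED = {ipaddress.ip_address(a) for a in ("192.168.1.1", "8.8.8.8", "8.8.4.4")}

# Constructed sample of a resolv.conf after a DNS-changing trojan has run.
SAMPLE = """\
# constructed sample, not from a real host
nameserver 192.168.1.1
nameserver 203.0.113.53   # entry added by the malware in this scenario
nameserver 9.9.9.9
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, then split the directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # skip a malformed entry
    return servers

def classify(server):
    """Label one resolver as blocklisted, expected, or unexpected."""
    if any(server.version == net.version and server in net for net in ROGUE_RANGES):
        return "blocklisted"
    return "expected" if server in EXPECTED else "unexpected"

def audit(text):
    """Return (address, verdict) for every configured resolver."""
    return [(str(s), classify(s)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE):
        print(f"{address:<16} {verdict}")
```

An "unexpected" verdict means the resolver is not on your own list and should be reviewed, not that it is malicious. Because the post also covers router settings, the same comparison applies to the DNS servers configured on the router.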
