DNS Hijacking: What is it and How it Works

DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings, so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.

As we all know, the “Domain Name System (DNS)” is mainly responsible for translating a user-friendly domain name such as “google.com” to its corresponding IP address “74.125.235.46”. Having a clear idea of DNS and how it works can help you better understand what DNS hijacking is all about. If you are fairly new to the concept of DNS, I would recommend reading my previous post on How Domain Name System Works.

How Does DNS Hijacking Work?

As mentioned before, DNS is responsible for mapping user-friendly domain names to their corresponding IP addresses. DNS servers are owned and maintained by your Internet service provider (ISP) and by many other private business organizations. By default, your computer is configured to use the DNS server of your ISP. In some cases, your computer may instead be using the DNS services of other reputable organizations such as Google. In either case, you are safe and everything works normally.

DNS Hijacking

But imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses a rogue DNS server that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate the domain names of desirable websites (such as banks, search engines, social networking sites etc.) to the IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you intended to visit. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking vary and depend on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this causes no serious damage to the users, it is considered a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is a fake one. For example, when a user tries to visit a social networking website such as Facebook.com, he may be redirected to another website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log in to his bank account, he may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan horse to carry out DNS hijacking. These DNS hijacking trojans are often distributed as video and audio codecs, video downloaders, YouTube downloaders or other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is an example of one such malware: it hijacked the DNS settings of over 4 million computers to make a profit of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router, so that it would not be possible for the attacker to modify your router settings using the default password that came with the factory setting. For more details on this topic you can read my other post on How to Hack an Ethernet ADSL Router.

Installing a good antivirus program and keeping it up-to-date can offer a great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program such as DNSChanger, you need not panic. It is fairly simple and easy to recover from the damage caused by such programs. All you have to do is verify your current DNS settings to make sure that you are not using any of the DNS IPs that are blacklisted. If you are, re-configure your DNS settings as per the guidelines of your ISP.
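The check described above, as an added example that is not part of the original post: it reads resolv.conf-style text (the Linux resolver configuration) and classifies each configured nameserver. The expected resolvers and the blocklisted ranges are constructed documentation addresses and are assumptions; replace them with the values from your ISP and from a current published blacklist.

```python
import ipaddress

# Assumption: the resolvers your ISP told you to use (constructed documentation addresses).
EXPECTED = ["198.51.100.53", "198.51.100.54"]
# Assumption: placeholder blocklist; load real ranges from a current advisory instead.
BLOCKLISTED = ["203.0.113.0/24", "2001:db8:bad::/48"]
# Loopback stub or home router: the real upstream resolver is configured elsewhere.
LOCAL = ["127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def in_any(ip, ranges):
    """True if ip falls inside any of the CIDR ranges (mixed v4/v6 is fine)."""
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server):
    """Return 'blocklisted', 'expected', 'local', 'unexpected' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if in_any(ip, BLOCKLISTED):   # checked first: a blocklist hit always wins
        return "blocklisted"
    if in_any(ip, EXPECTED):
        return "expected"
    if in_any(ip, LOCAL):
        return "local"
    return "unexpected"

def audit(text):
    """Map each configured resolver to its classification."""
    return {s: classify(s) for s in parse_nameservers(text)}

# Constructed sample input, not taken from a real machine.
SAMPLE = """# generated by dhcp client
nameserver 203.0.113.7
nameserver 198.51.100.53
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:>15}  {verdict}")
```

A "local" verdict is not a pass: the computer is forwarding queries to a router or a local stub, so the same check has to be repeated on the DNS settings stored there.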

13 Comments

  1. ozeum
    January 12, 2013 at 10:51 PM

    Thank you. I get much knowledge from you….


  2. Mr. Bukhari
    January 13, 2013 at 9:03 PM

    I am from Pakistan I feel glad letting you know that I find your posts very informative to read. Thank you for making these concepts interesting for us.


  3. M Kameswara Rao
    January 14, 2013 at 7:13 AM

    I am a 58 year old man working in State Bank of India & just out of interest or curiosity I subscribed to your updates of information. It is very illustrative, informative and exhaustive even to a layman like me. I thank you. Go ahead.


  4. DRG
    January 15, 2013 at 10:05 AM

    Thanks for the information :)


  5. vivek
    January 19, 2013 at 2:45 PM

    It's a really good site. I just started a site to share technical news. Kindly have a look, it's really worth it.


  6. Leigh
    January 29, 2013 at 9:51 AM

    Clear and great explanations of :

    1. DNS Hijacking , and

    2. Hacking Ethernet ADSL Router

    Not having this knowledge can ruin a hosting business for a novice.


  7. afghan
    January 30, 2013 at 10:41 AM

    hello sir,
    your working is favorable,
    sir, I have 2 questions,
    1. In USB hack tools, I downloaded 5 exe tools and copied them to USB and made .bat and .inf files too. When I manually run the .bat it works, but autorun isn't working (perform a virus scan), and I disabled the antivirus too.
    2. What is the difference between FTP server side and FTP client side? And sir, if you make a topic on FTP usage, it will be appreciated. Please reply to me.


  8. shreashth
    February 24, 2013 at 3:01 PM

    how to know someone’s IP address and control that computer using own computer?


  9. RAJIV SARKAR
    March 25, 2013 at 8:00 PM

    how to know someone’s IP address and control that computer using own computer?


  10. Wasiu
    September 10, 2013 at 3:28 PM

    I am glad to visit your site. Please, I am from Nigeria and I am a novice in computer networking, but I want to hack a network service for browsing without subscribing for its high charging fees. The name of the network is GLO Nigeria. I will be glad if you can help.


  11. Anthony Vulgamore
    October 24, 2013 at 6:34 PM

    Go hacking is very informative especially for wanna be computer geeks like me. I love all the content you bring to the table and for free. You guys and gals are good people. Thank you


  12. homepage
    February 6, 2014 at 6:40 AM

    Hi there to all, the contents present at this website are genuinely awesome for people knowledge, well, keep up the nice work fellows.


  13. Usman
    March 28, 2014 at 9:42 AM

    Thank you so much…

