DNS Hijacking: What Is It and How Does It Work?

DNS represents the abbreviation for a Domain Name Server which is used to interpret domain names such as www.yourdomain.com into an Internet Protocol (IP) address. The Internet Protocol address consists of numbers such as that give the domain a unique identification. An IP address is one-of-a-kind and unique so it can be used to trace Internet activity back to the PC user as well as identify the exact location of a website. Domain names are used to identify websites because they are easier to remember than a series of numbers that make up an IP address.

How DNS Hijacking Works

DNS hijacking is used by hackers with malicious intent who redirect or "hijack" the DNS addresses to bogus DNS servers for the purpose of injecting malware into your PC, promoting phishing scams, advertising on high traffic websites, and any other related form of criminal activity.

Once the DNS address is hijacked to a bogus DNS server, it translates the legitimate IP address or DNS name into the IP addresses of malicious websites. DNS hijacking can occur with any website large or small and turn those websites into malicious websites without the knowledge of the Web surfer.

Since the website owners depend upon legitimate DNS server that are issued by their Internet Service Providers (ISP), DNS hijackers use malware in the form of a Trojan to exchange the legitimate DNS server assignment by the ISP with a manual DNS server assignment from a bogus DNS server.

When Web surfers visit the reputable websites with legitimate domain names, they are automatically hijacked to a malicious website that is disguised as the legitimate one. The switch from the legitimate DNS server to the bogus DNS server goes unnoticed by both the surfer and the legitimate website owner. This opens up the malicious website to perform any criminal act that the hacker wishes because the user thinks they are on the real website.

Other Dangers of DNS Hijacking

Another danger of DNS hijacking occurs when the surfer is unaware that they are on a bogus DNS server. If the user continues to surf on the bogus DNS server and they search for other websites, they most likely will end up visiting more malicious sites.

For example, let's say that they search for a website and the domain is non-existent due to a misspelling typed during the search. Generally a legitimate DNS server will display an error message or provide site suggestions that relate to what the user typed into the search. With a bogus DNS server, instead of the error message they will be directed to yet another malicious website because the server has been created for the purpose of performing criminal acts. Regardless of what is typed in, it malicious websites replace the error message.

DNS hijacking also promotes click fraud with such programs as Google Adsense. Since there are numerous DNS servers that are bogus, they form a network of websites which results in a lot of traffic. When you get a lot of traffic you of course get a lot of people clicking which results in click fraud. The hackers can rack up a lot of money with click throughs from programs like Google Adsense who pay a commission for each click.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

Fraud causes hundreds of millions of dollars in damage each year and affects just as many people.

Credit card fraud is the most common type of fraud to occur each year and cost its victims up to $500 million dollars in damages each year. Despite the frequent occurrence of this type of fraud, millions of credit card users are still unaware of how to protect themselves against this type of thievery.

No one is completely safe from being defrauded. But, by learning how to protect against fraud, you will be better equipped to prevent yourself from falling into a scam that could cost you everything. Taking the time to protect yourself can help to keep you safe.