DNS Hijacking: What Is It and How Does It Work?
DNS represents the abbreviation for a Domain Name Server which is used to interpret domain names such as www.yourdomain.com into an Internet Protocol (IP) address. The Internet Protocol address consists of numbers such as 188.8.131.52 that give the domain a unique identification. An IP address is one-of-a-kind and unique so it can be used to trace Internet activity back to the PC user as well as identify the exact location of a website. Domain names are used to identify websites because they are easier to remember than a series of numbers that make up an IP address.
How DNS Hijacking Works
DNS hijacking is used by hackers with malicious intent who redirect or "hijack" the DNS addresses to bogus DNS servers for the purpose of injecting malware into your PC, promoting phishing scams, advertising on high traffic websites, and any other related form of criminal activity.
Once the DNS address is hijacked to a bogus DNS server, it translates the legitimate IP address or DNS name into the IP addresses of malicious websites. DNS hijacking can occur with any website large or small and turn those websites into malicious websites without the knowledge of the Web surfer.
Since the website owners depend upon legitimate DNS server that are issued by their Internet Service Providers (ISP), DNS hijackers use malware in the form of a Trojan to exchange the legitimate DNS server assignment by the ISP with a manual DNS server assignment from a bogus DNS server.
When Web surfers visit the reputable websites with legitimate domain names, they are automatically hijacked to a malicious website that is disguised as the legitimate one. The switch from the legitimate DNS server to the bogus DNS server goes unnoticed by both the surfer and the legitimate website owner. This opens up the malicious website to perform any criminal act that the hacker wishes because the user thinks they are on the real website.
Other Dangers of DNS Hijacking
Another danger of DNS hijacking occurs when the surfer is unaware that they are on a bogus DNS server. If the user continues to surf on the bogus DNS server and they search for other websites, they most likely will end up visiting more malicious sites.
For example, let's say that they search for a website and the domain is non-existent due to a misspelling typed during the search. Generally a legitimate DNS server will display an error message or provide site suggestions that relate to what the user typed into the search. With a bogus DNS server, instead of the error message they will be directed to yet another malicious website because the server has been created for the purpose of performing criminal acts. Regardless of what is typed in, it malicious websites replace the error message.
DNS hijacking also promotes click fraud with such programs as Google Adsense. Since there are numerous DNS servers that are bogus, they form a network of websites which results in a lot of traffic. When you get a lot of traffic you of course get a lot of people clicking which results in click fraud. The hackers can rack up a lot of money with click throughs from programs like Google Adsense who pay a commission for each click.