When we want to visit a website, we type the URL of the website in the address bar of the browser, and the webpage loads. We do not need to memorize the IP address of the website. This process is called Domain Name Resolution (DNS). And, the servers responsible for this Domain Name Resolution are called DNS Servers.
How does the Domain Name Resolution (DNS) work?
When we type the URL of a website in the address bar of the browser, our computer communicates with the Domain Name Servers or DNS Servers to resolve the IP address of the website. These DNS servers are coordinated by ICANN or Internet Corporation for Assigned Names and Numbers. Usually, our computer uses a DNS server that our ISP or Internet Service Provider uses.
So, our computer makes a DNS query with the URL to the DNS Server, and the corresponding DNS server responds with the proper IP address. And using this IP address, our browser opens the website in the browser.
What is DNS hijacking?
Our computer opens a website using the IP address that the DNS Server has returned. In the case of DNS hijacking, an attacker changes the DNS settings in a computer so that whenever the computer makes a DNS query to resolve some IP address, a rogue DNS server controlled by the attacker is contacted instead of the actual DNS server. This usually happens when the computer is infected by malware like the DNSChanger trojan. The malware infects a computer, changes the DNS settings, and replaces the authentic DNS Server with a malicious one.
As a result, the victim’s computer obtains a malicious IP address of the attacker’s website instead of the intended IP address, and the browser ends up opening the malicious website.
The purpose of DNS hijacking
An attacker may have many nefarious purposes behind DNS hijacking. One such purpose may be pharming (What is pharming and how to prevent it?), in which lots of innocent traffic is forwarded to a website to generate advertising revenue illegitimately. For example, you may type facebook.com and end up being on a website that is full of pop-ups and advertisements and is controlled by hackers to generate monetary revenues.
Another purpose may be phishing (What is phishing and how to prevent it ?). In that case, the attacker may create a website that looks like a legitimate website and asks for the actual username and password. The attackers can use those credentials to hack the victim’s account and do other malicious activities.
And, the other purpose may be spreading malware. If a malicious website opens up, it can easily spread …
0 Comments