If not redirected, please click here https://www.thesecuritybuddy.com/securing-dns/what-is-dns-hijacking/
When we want to visit a website, we
simply type the URL of the website in the address bar of the browser
and the webpage loads. We do not need to memorize the IP address of
the website. This process is called Domain Name Resolution.
And, the servers responsible for this are called DNS Servers.
How Domain Name Resolution Works
When we type a URL of a website in the
address bar of the browser, our computer contacts the Domain Name
Servers or DNS Servers to resolve the IP address of the website.
These DNS Servers are coordinated by ICANN or Internet Corporation
for Assigned Names and Numbers. Normally, our computer uses a DNS
Server which is used by our ISP or Internet Service Provider.
So, our computer makes a DNS query with
the URL to the DNS Server and the corresponding DNS Server responds
with proper IP address. And, using this IP address our browser opens
the website in the browser.
What is DNS Hijacking
Our computer opens a website using the
IP address that the DNS Server has returned. In case of DNS
Hijacking, an attacker changes the DNS settings in a computer, so
that, whenever the computer makes a DNS query to resolve some IP
address, a rogue DNS Server controlled by the attacker is contacted
instead of the actual DNS Server used by our ISP. This normally
happens when the computer is infected by a malware like DNSChanger
Trojan. The malware infects a computer and then changes the DNS
settings, replacing the authentic DNS Server with a malicious one.
As a result, the victim computer
obtains a malicious IP address of attacker's website, instead of the
intended IP address and the browser ends up opening the malicious
website.
Purpose of DNS Hijacking
An attacker may have many nefarious
purposes behind DNS Hijacking. One such purppose may be Pharming,
in which lots of innocent traffic is forwarded to a website to
generate advertising revenue illegitimately. For example, you may
type facebook.com and end up being a website full of pop-ups and
advertisements and controlled by hackers to generate monetary
revenues.
Another purpose may be Phishing.
In that case, the attacker may create a website that looks like a
legitimate website and asks for actual username and password. The
attackers can use those credentials for hacking the account and doing
other malicious activities.
And, the other purpose may be spreading
malware. If a malicious website opens up, it can easily spread
malware even on just visiting the website, using Drive-By
Download.
Prevention Mechanisms
There are a couple of steps that we can
take to prevent DNS Hijacking.
- Keep your Operating Systems updated with recent patches. Most of the cases, malware infects a computer exploiting the security vulnerabilities of Operating Systems. Normally, the more updated an Operating System is, the less vulnerabilities it has.
- Keep your browser or other commonly used software updated with recent patches, so that they have less security vulnerabilities.
- Keep your computer updated with an anti-malware program from a trusted source.
- Do not download any software from any untrusted sources. They are very likely to contain malware.
- Use a good firewall. Though hardware based firewall is the best, but in case you do not have it, you can turn on router firewall.
- In case you are a victim of DNS Hijacking, do not panic ! Recovering from DNS Hijacking is fairly simple. Look into your DNS Settings and check whether it contains any suspicious looking blacklisted DNS Servers. If yes, simply change the DNS Settings as per your ISP's guidelines and remove the malware with a good anti-malware program.
So, beware of the recent threats so
that you can protect yourself better and stay safe, stay secured.
No comments:
Post a Comment