DNS Hijacking - How does it work?

Posted by Muhammed Posted on Sunday, March 04, 2012

One day when I turned on the computer, I noticed that my antivirus program was not functioning properly and was not getting updates. Also, if I searched for something in Google or any other search engine, it redirected me somewhere unrelated to my search queries. Later I realized that my DNS IP address had somehow been changed and that was causing the problem.

DNS is the abbreviation for Domain Name Server. It provides host name resolution for TCP/IP networks by translating host names to IP addresses and vice versa. Domain names are used to identify websites because they are easier to remember than the series of numbers that make up an IP address.

Hackers use rogue DNS servers to inject malware onto PCs by redirecting search queries. Once the DNS address is hijacked to a rogue DNS server, whenever the user accesses a site, say "Google.com", the request is sent to the rogue DNS server, which uses the query to display ads relevant to it. This is also used to stop the antivirus and Windows from getting updates and from accessing secured websites.

Another danger of DNS hijacking occurs when the user is unaware that they are on a bogus DNS server. If the user continues to surf on the bogus DNS server and they search for other websites, they most likely will end up visiting more malicious sites.

Rogue DNS IP Ranges

Symptoms of a computer infected with the DNS Changer Trojan

  • Search Redirection
  • Unable to access any secured website
  • Unable to complete Windows and antivirus updates

How do I check the DNS address?

  1. Open the Command Prompt (Start -> Run -> type 'cmd')
  2. In the Command Prompt, type the command ipconfig /all and press Enter
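
The check above can be automated over saved ipconfig /all output. The following Python sketch is an added example, not part of the original post: it extracts the DNS servers listed for each adapter (including the continuation lines ipconfig prints for a second server) and reports any that fall outside the resolvers you expect. The sample output, the EXPECTED list and the function names are constructed assumptions, and English-language ipconfig output is assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.0.2.25(Preferred)
   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.0.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.0.2.1
"""

# Assumption: the resolver networks your ISP or administrator actually assigned.
EXPECTED = ["192.0.2.0/24"]


def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            candidate, in_dns = m.group(1), True
        elif in_dns and len(line.split()) == 1:
            candidate = line.strip()      # extra servers sit alone on a line
        else:
            in_dns = False
            continue
        try:                              # drop any IPv6 zone id such as %11
            ip = ipaddress.ip_address(candidate.split("%")[0])
        except ValueError:
            continue
        result.setdefault(adapter, []).append(ip)
    return result


def unexpected(ipconfig_text, expected=EXPECTED):
    """List (adapter, address) pairs whose resolver is outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [(name, str(ip)) for name, ips in dns_servers(ipconfig_text).items()
            for ip in ips if not any(ip in net for net in nets)]
```

Any pair returned by unexpected() is a resolver to confirm with your ISP or administrator before trusting it.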

What should I do if my DNS is hijacked?

  • Contact your ISP and change the rogue DNS IP address
  • Scan your computer with an antivirus program