DNS Hijacking is the practice of hijacking the resolution of DNS names to IP addresses by the use of rogue DNS servers, particularly for the practice of phishing, or the practice of some ISPs resolving otherwise non-existent domains to the ISPs own servers.
Rogue DNS server
A rogue DNS server translates legitimate domain names (of search engines, online banks, online brokers, etc.) into IP addresses of malicious websites. Most users depend on DNS servers automatically assigned by their ISPs. Zombie computers use DNS-changing trojans to invisibly switch the automatic DNS server assignment by the ISP to manual DNS server assignment from rogue DNS servers. When users then try to visit legitimate domain names, they are sent to another bogus website. This attack is termed pharming. If the site they are redirected to is a malicious website, masquerading as a legitimate website, in order to fraudulently obtain sensitive information.
Rogue DNS server
A rogue DNS server translates legitimate domain names (of search engines, online banks, online brokers, etc.) into IP addresses of malicious websites. Most users depend on DNS servers automatically assigned by their ISPs. Zombie computers use DNS-changing trojans to invisibly switch the automatic DNS server assignment by the ISP to manual DNS server assignment from rogue DNS servers. When users then try to visit legitimate domain names, they are sent to another bogus website. This attack is termed pharming. If the site they are redirected to is a malicious website, masquerading as a legitimate website, in order to fraudulently obtain sensitive information.
Post a Comment