Adware has been regarded as the most irritating group of malware since the first malware came into play. It interrupts the user's browsing experience by displaying countless advertising banners and taking users to websites without their knowledge. If that isn't worrying enough, getting rid of it is quite a challenge in many cases. Gone are the days when you could eliminate such frustrating adware just by resetting or reinstalling the web browser. Now we see adware that sticks to your browser even if you reinstall the whole operating system.

DNS Hijacking – A trend started by Adware

DNS Hijacking

DNS is a service that converts the website names we type into our web browsers into their current IP addresses. DNS servers are configured in your router settings and in your computer's network settings. In one DNS hijacking technique, an attacker exploits a weakness in a server or router to gain access to it and changes its DNS settings to malicious ones. Any device whose network configuration is set to DHCP or Automatic will receive these malicious DNS servers from the router and apply them to its own network configuration.

This allows an attacker to carry out malicious activities such as:

  • Taking users to phishing websites that look like a well-known website but are designed to fool users into sharing vital data such as login IDs and passwords, bank account information, etc.
  • Displaying advertisements on genuine websites.
  • Listening to, controlling, and redirecting network traffic.

As this issue is not in the browser or the PC, no matter how many times the user resets the browser or reinstalls the operating system, the problem will keep coming back.

DNS hijacking mainly happens due to the following reasons:

  • Visiting potentially risky websites like torrents and clicking on pop-up ads.
  • Vulnerable devices/router models that are not patched and updated.
  • PUAs (potentially unwanted applications) getting installed on a device while installing genuine software.
  • Router/modem left set to a default/weak/factory password.

Latest DNS hijacking incidents

A few days back, experts observed several cases in which they suspect routers were hacked and configured with suspicious DNS servers that caused website redirection. These DNS infections can be broadly classified into the following 2 cases.

  • Safety error warnings in browsers.
  • Websites getting redirected to malicious websites.

Safety error warnings in browsers

In this situation, when the user opens any website, they get a safety alert asking them to install a safety plug-in.

Clicking on ‘INSTALL NOW’ downloads the ‘plugin_install.exe’ file. The downloaded file is not the installer for any safety plug-in but the installer for a DNS Changer malware, along with extra components that carry out activities like Bitcoin mining.

Websites getting redirected to unsecured websites

In this case, while users are browsing they get redirected to an infected website where they are told that their web browser’s Flash player is out of date and must be updated in order to use the website's services, such as watching videos.

But the plug-in/extension that the website installs is not related to Flash; it is a third-party potentially unwanted application extension.

Indicators of infection

Below are a few malicious DNS server IP addresses that we have observed on affected devices:

  • 211.31.126
  • 166.239.90
  • 165.139.186

Tips to stay secure from DNS hijacking

  • Change the router’s password and username to strong, unique ones (see the router manual for instructions).
  • Update your router to the current firmware, or replace it entirely if it cannot be updated. Also, when buying a new router/modem, choose a more secure model over a less protected one.
  • If your device has suffered any such attack, you can try resetting your router configuration or changing your DNS to Google Public DNS, i.e. 8.8.8.8.
  • Install a reliable antivirus to protect your device. Defencebyte Antivirus is one of the leading antivirus products that can save your device from such attacks.