What is DNS hijacking?
DNS hijacking is also known as DNS redirection or DNS spoofing.
Domain name system (DNS) hijacking is the practice of redirecting a client's DNS queries to servers other than the DNS server it originally requested.
DNS hijacking is used for malicious purposes, primarily for phishing. Technically speaking, DNS hijacking does not itself fall into the category of cyber crime; however, it may be a source or a tool used to carry out criminal activities.
DNS redirection is also used by certain internet service providers to redirect HTTP traffic to their own servers in order to display advertisements. Internet service providers may also use DNS redirection to collect statistics or to block specific websites that users or customers have flagged as malicious or harmful.
DNS servers play a vital role in the structure of the internet: they are responsible for translating the domain names requested by the user into their corresponding machine-readable IP addresses. To carry out a DNS hijacking attack, the attacker first poisons or compromises a legitimate DNS server and turns it into a rogue DNS server.
To do this, the attacker uses DNS-changing Trojans to switch the automatic domain name service assignment to a manually configured one. From then on, the DNS server translates domain names only to the IP addresses that the attacker has fed into it.
These IP addresses belong to malicious and harmful websites, also known as booby traps. Once a web user opens such a website, a malicious script could be injected into their computer, a virus could be transferred, sensitive information could be hijacked, or the machine could be bugged with spyware.
If that website is actually harmful, this is called phishing. If the website does not pose a direct threat to the computer, the attack is called pharming.
There are basically two types of DNS redirection:
1. DNS Cache poisoning
2. DNS ID spoofing
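As an added example (not from the original article), the Python below shows the checks a stub resolver applies to a UDP reply before trusting it, which is what makes DNS ID spoofing hard: the reply must arrive on the port the query left from, carry the same 16-bit transaction ID, be flagged as a response, and echo the question. The packet builders, domain names and addresses are constructed for the demonstration.

```python
import secrets
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def build_query(name: str, txid: int = -1) -> bytes:
    """Standard recursive A query; the random 16-bit ID is what a blind spoofer must guess."""
    txid = secrets.randbelow(1 << 16) if txid < 0 else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_response(txid: int, name: str, ip: str) -> bytes:
    """Constructed A-record answer (demo only; a real one arrives off the wire)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # pointer to qname
    return header + question + answer

def parse(packet: bytes):
    """Return (txid, flags, qname, qtype, qclass) from any DNS message."""
    txid, flags = struct.unpack("!HH", packet[:4])
    pos, labels = 12, []
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return txid, flags, ".".join(labels), qtype, qclass

def accept_response(query: bytes, query_port: int, response: bytes, response_port: int):
    """Checks a resolver applies before trusting a UDP reply; each defeats a blind spoofer."""
    q_id, _, q_name, q_type, q_class = parse(query)
    r_id, r_flags, r_name, r_type, r_class = parse(response)
    if response_port != query_port:
        return False, "port mismatch"          # random source ports widen the guess space
    if r_id != q_id:
        return False, "transaction ID mismatch"  # the check ID spoofing tries to beat
    if not r_flags & 0x8000:
        return False, "not a response"
    if (r_name.lower(), r_type, r_class) != (q_name.lower(), q_type, q_class):
        return False, "question mismatch"      # reply must echo the question asked
    return True, "ok"
```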
