Contributed by: Nono Gwabe
Date: September 5, 2008
DNS hijacking is the illegitimate modification of an individual's DNS server settings: the correspondence between DNS names and IP addresses is manipulated through the use of rogue DNS servers. Users usually use the DNS server automatically allocated to them by their Internet Service Provider (ISP). Computers under the control of botnets use DNS-changing Trojans to surreptitiously change the automatic DNS server settings assigned by the ISP to manual DNS server settings that point to rogue DNS servers. This makes it easy for scammers to redirect users to malicious duplicates of websites and trick them into revealing sensitive details.
Scammers use the Registry Editor to hijack your DNS in the following manner. If you use Windows XP, go to the "Run" option on your Start menu; if you use Vista, go to the "Run box" on your Start menu, where the words "Start Search" are written. Type in 'regedit'. Once the Registry Editor is open, double-click on the following keys:
Then go to 'NameServer'. The NameServer value reveals your PC's primary and secondary DNS servers. The spoofer can then double-click on NameServer and easily alter the IP addresses to point to their malicious DNS servers, from which they can control which websites a user goes to. Scammers can use the DNS logs on their malicious DNS server to monitor your browsing habits; by doing so they can identify the sites you visit most and redirect them. This is a simple method, but it can have disastrous effects when used for criminal motives.
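
Because the change described above replaces the ISP-assigned resolver with a manual NameServer entry, it can be detected by comparing the manual value with the DHCP-assigned one and with a list of approved resolvers. The Python below is an added example, not part of the original article; it assumes the per-interface values have already been collected into records, that the DHCP-assigned resolver is available as a `DhcpNameServer` field, and that the approved ranges are known. All sample data is constructed.

```python
import ipaddress
import re

# Resolvers the organisation approves (constructed values from documentation ranges).
APPROVED = [ipaddress.ip_network("192.0.2.0/28"),
            ipaddress.ip_network("198.51.100.53/32")]

# Constructed per-interface snapshots: NameServer is the manual setting,
# DhcpNameServer the automatically assigned one (assumed field name).
SAMPLE_INTERFACES = [
    {"iface": "if-A", "NameServer": "", "DhcpNameServer": "192.0.2.1 192.0.2.2"},
    {"iface": "if-B", "NameServer": "203.0.113.66,203.0.113.67", "DhcpNameServer": "192.0.2.1"},
    {"iface": "if-C", "NameServer": "198.51.100.53", "DhcpNameServer": "192.0.2.1"},
    {"iface": "if-D", "NameServer": "not-an-ip", "DhcpNameServer": ""},
]

def parse_servers(value):
    """Split a comma- or space-separated server list into (addresses, malformed tokens)."""
    good, bad = [], []
    for tok in filter(None, re.split(r"[,\s]+", value.strip())):
        try:
            good.append(ipaddress.ip_address(tok))
        except ValueError:
            bad.append(tok)
    return good, bad

def is_approved(addr):
    """True if the address falls inside any approved resolver range."""
    return any(addr in net for net in APPROVED)

def audit(interfaces):
    """Return (iface, reason) findings for manual DNS entries that look hijacked."""
    findings = []
    for rec in interfaces:
        manual, bad = parse_servers(rec.get("NameServer", ""))
        dhcp, _ = parse_servers(rec.get("DhcpNameServer", ""))
        for tok in bad:
            findings.append((rec["iface"], f"malformed NameServer entry: {tok}"))
        for addr in manual:
            if not is_approved(addr):
                reason = f"manual DNS {addr} is not an approved resolver"
                if dhcp and addr not in dhcp:
                    reason += " and overrides the DHCP-assigned one"
                findings.append((rec["iface"], reason))
    return findings

if __name__ == "__main__":
    for iface, reason in audit(SAMPLE_INTERFACES):
        print(f"{iface}: {reason}")
```

An empty NameServer (interface if-A) means the automatic setting is in effect, so it produces no finding.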