No single DNS server holds all the IP addresses and corresponding domains in the world wide web. In order for us to access any website, it is necessary to have a DNS query translate our request into the internet language. DNS hijacking works by redirecting users to fake or malicious web pages and it is very hard to detect by common users.
There are two main types of DNS hijacking. The first one is known as pharming and it is a cyber attack intended to redirect a website’s traffic to another fake site. This is achieved with the classic ‘man in the middle’ approach that will intercept a user’s DNS request and redirect it to a compromised DNS server. By using a DNS switching Trojan to return incorrect IP addresses to a user’s machine, the request will lead users to a spoof website, similar to the one they were trying to access. This type of attack aims to collect personal data, such as financial information. Read More…