DNS changing malware and why you should care ?

By | May 26, 2012

 

 

 

Hope most of you out here are aware about what  DNS  is all about .  For those who don’t  know , DNS or Domain Name Service translate your  friendly website addresses like google.com to the corresponding IP  address. So when ever you are you are accessing a website by typing the website address ( also called the URL )  to the address bar of your browser , your system is contacting the DNS server you mentioned on your network setting to resolve the web site address to the actual IP address.

 

The DNS server you are going to use is normally assigned to you by your service provider automatically though the DHCP service or it may the one you chose manually . It is not mandatory that you stick on to the DNS server provided to you by the service provider . You can use third party companies which gives the DNS service  like openDNS.com .

 

So if your DNS can resolve a particular web address to the IP address , it can also redirect you to a different site if they are giving you false information about the web site name to IP address relation.

But normally all those DNS servers are really good at heart and will lead you to the correct destination.

But there exist a chance that if a bad guy set a bad DNS server that will translate the  Facebook.com  to an ip address that contain a site that looks and feels just like Facebook.com and your machine is set to use that DNS server  , you are going to be the victim of  some thing just like a Phishing .

It is exactly what happens with a DNS changing malware.  

First of all some one is setting up a unfaithful DNS server which we normally call rouge DNS server which will provide you with false mapping of name to IP .

Second thing is they will create a malware  which when infects your system will just modify your DNS value to the IP address of this rouge DNS server.  So from that moment onward your web requests are tracked and sometimes redirected by this DNS servers.

Then your network is scanned by this malware and it will try to log  in to your routers with default username and passwords and if it succeeds in logging in it will modify the DNS data on those routers too and there by affecting the entire network.

There are two risks involved in these malwares . First of all there are is chance that you are being re directed to fake site and the second is that even if you are not re directed , your web usage data is being tracked which can be used against you at any time .

Hope you understand the basic threat posed by the DNS changing malware . Your comments are welcome

 

Leave a Reply

Your email address will not be published. Required fields are marked *