What is DNS Hijacking?
The DNS hijacking that we've seen covers changes made to several Windows components. Windows uses registry values to help resolve domain names into IP addresses. Hijacking these values can cause every program that uses the internet to be redirected to other pages for what appears to be no reason.
This can also be done by changing files on your computer, specifically changing the IERESET.inf file. When you click on "Reset Web Settings" on the Programs tab of Internet Options, your homepage, search page, and a few other sites get set to specified defaults, which are stored in C:\windows\inf\iereset.inf (C:\winnt\inf\iereset.inf for Windows 2000/NT users). When changes are made to the iereset.inf file, you get re-"infected" rather than fixed when you click Reset Web Settings in Internet Options. SearchALot uses this hijack.
Protocol manipulation is another potential hijack. A protocol is a "language" or a set of directives that Windows uses to "talk" to programs, servers, other computers, etc. Web servers use the "http:" protocol, FTP servers use the "ftp:" protocol, and Windows Explorer uses the "file:" protocol. Introducing a new protocol or changing an existing protocol in Windows can have a deep, lasting effect on how Windows handles files. CommonName and Lop.com both register new protocols in Windows when installed.
Manipulation of the Windows Hosts file is yet another type of hijack. Windows uses the hosts file to look up domain names before querying internet DNS servers. A change in this file can effectively make Windows believe that "www.google.com" has a different IP address than it really has. This makes the browser open the wrong page whenever you enter www.google.com into your browser. A broader example would be changing "auto.search.msn.com" to a different IP, thus making the browser open the wrong page whenever an invalid domain name is entered into the address bar, because that is the address the browser falls back to for its search.
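The hosts-file hijack described above is also one of the easiest to check for. The script below is an added example, not part of the original article or of any tool it names: it parses hosts-file syntax and flags two patterns, a watch-listed name (www.google.com and auto.search.msn.com here, as assumed examples) mapped to anything other than a loopback or 0.0.0.0 sinkhole, and one routable address shared by names from different domains, which is what a redirect to an attacker-controlled page looks like. The hosts content and the watch list are constructed for the demonstration; on Windows the live file is C:\Windows\System32\drivers\etc\hosts.

```python
"""Audit Windows hosts-file content for redirect-style hijacks (added example)."""
import ipaddress
from collections import defaultdict

# Constructed sample hosts file: the two 192.0.2.44 lines model a hijack,
# the 0.0.0.0 line models a legitimate ad blackhole, 10.0.0.5 an intranet host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.google.com
192.0.2.44      auto.search.msn.com   # page IE loads for mistyped addresses
0.0.0.0         ads.example.net       # blackholing is a common legitimate use
10.0.0.5        intranet.corp.local
"""

# Hypothetical watch list: names the administrator never expects to be overridden.
WATCHLIST = {"www.google.com", "auto.search.msn.com"}


def parse_hosts(text):
    """Return [(ip_address, hostname, line_no)] for every mapping in hosts syntax.

    Comments start with '#', blank lines are skipped, and one address may be
    followed by several hostnames on the same line.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in parts[1:]:
            entries.append((addr, name.lower(), line_no))
    return entries


def is_sinkhole(addr):
    """Loopback and the unspecified address (0.0.0.0 / ::) block a name rather than redirect it."""
    return addr.is_loopback or addr.is_unspecified


def registrable_domain(name):
    """Rough approximation: last two labels (good enough to tell google.com from msn.com)."""
    return ".".join(name.split(".")[-2:])


def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings as (line_no, hostname(s), ip, reason) tuples."""
    findings = []
    names_by_addr = defaultdict(list)  # addr -> [(name, line_no)]
    for addr, name, line_no in parse_hosts(text):
        names_by_addr[addr].append((name, line_no))
        # Rule 1: a watch-listed name pointed anywhere except a sinkhole.
        if name in watchlist and not is_sinkhole(addr):
            findings.append((line_no, name, str(addr),
                             "watch-listed name mapped to a non-sinkhole address"))
    # Rule 2: one routable address serving names from unrelated domains.
    for addr, items in names_by_addr.items():
        if is_sinkhole(addr):
            continue
        domains = {registrable_domain(n) for n, _ in items}
        if len(domains) > 1:
            first_line = min(ln for _, ln in items)
            joined = ", ".join(sorted(n for n, _ in items))
            findings.append((first_line, joined, str(addr),
                             "names from different domains share one address"))
    return findings


if __name__ == "__main__":
    for line_no, names, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {names} -> {ip}: {reason}")
```

Running it against the sample reports the two watch-listed names and the shared 192.0.2.44 address, while the blackholed ad host and the intranet entry pass. Sinkhole entries are exempt on purpose: mapping a domain to 127.0.0.1 or 0.0.0.0 is how hosts files are legitimately used to block content, and treating those as hijacks would bury the real findings in noise.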
What does all this mean?
DNS hijacking can prevent you from getting where you want to be online, can force your browser to display, and in some cases execute, harmful content on your computer, and can even aid in identity theft. Most of the time, it's just a difficult annoyance, but it has the potential to be a very serious issue. It can be confusing, intimidating and daunting for the casual internet surfer, but there are things that can be done to safeguard your computer and yourself.
How can I prevent DNS Hijacking?
Stay away from programs like CommonName, Lop.com, Webhancer, and New.net. Make sure your Administrator policies and profiles are in order. If you are unfamiliar with how to do that, contact your system administrator, computer manufacturer, or someone who does Windows-based troubleshooting and configuration. Install a good Pop-up Stopper, and keep it updated. Most importantly, make yourself aware of what is out there, what it does, and whether or not you really need it before you install it.
Sometimes it's difficult to even know when you're threatened by a DNS hijack risk. Because of this, it's good to have a utility like HiJackThis, and either be familiar with its processes, or have someone who is, to scan your system regularly.