In the final chapters of THE SEX TOURIST you can read about a hacking technique using Blackshades, but in this blog I want to write about another one. Despite keeping my anti-virus software up to date my laptop was hacked and my DNS was hijacked. They call this kind of cyber-attack DNS Hijacking or DNS Redirection.

A malware found its way to my laptop at some point in the past couple of months and hijacked my DNS. It switched ‘Obtain DNS server address automatically’ to ‘Use the following DNS server addresses’ and changed my Preferred DNS server to 146.112.61.107. I only discovered this recently because my laptop refused to connect to the Internet with the following message: ‘wi-fi doesn’t have valid ip configuration’.

After I removed this IP address and switched to ‘Obtain DNS server address automatically’ I managed to connect to the internet, but the malware immediately inserted two more DNS server addresses:

dns-redirection

By this time I was alert to the danger and kept resetting the switch until my anti-virus software managed to get rid of the malware.

DNS Hijacking could be dangerous. The victim is exposed to both ‘Pharming’ – when you click on Facebook or Twitter or any popular sight and the rouge DNS redirects you to a site full of adverts – and ‘Phishing’ – when for example you think you are logging on to your bank account, but the rouge DNS server redirects you to a fake page in order to harvest your login details.

On Windows 7 to 10 you can easily check your DNS settings by clicking ‘Properties’ on the following screen:

dns-trojans

You can get here though the Network Setup panels in various ways depending on your Windows version.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: