DNS (which stands for Domain Name Service) translates the URLs you type into your web browser into the websites that appear on your computer. But how does that magic happen?
Few users give much thought to the DNS service their Internet Service Provider (ISP) uses. But if your DNS queries become corrupted by malware and stop working, you’ll definitely notice.
Here’s what DNS malware is and what you can do to keep it off your computer.
How DNS Malware Works
To understand how to prevent DNS malware, you must understand how the system works.
DNS servers take an easy-to-remember alphanumeric string of text (such as SafetyDetective.com) and direct the request to the right server hosting that website. That server has an IP address, which isn’t easy to remember at all.
You typically send these DNS queries through the DNS service that your ISP subscribes to. If you have ever tried to troubleshoot a connection that wasn’t working, you may have chosen a third-party DNS service such as OpenDNS or Google DNS to override your ISP’s selection. If you notice DNS server numbers in your network settings that you don’t remember entering, there may be DNS malware working on your system.
The DNS server you unknowingly use could easily capture and record your entire browsing history. It could also redirect requests for a real banking website to a phishing domain to capture your user credentials.
Unfortunately, DNS malware has been around for a long time and continues to pose a significant threat to users. In addition to DNSChanger, a well-known trojan that originated in Estonia, Mac-specific malware has been developed that can both install bogus root certificates and change DNS settings, paving the way for sophisticated man-in-the-middle attacks.
What You Can Do About It
The most important step to protect your machine from DNS-hijacking malware is to install a comprehensive antivirus and internet security suite, such as:
Norton: Its multiple layers of real-time protection and crowdsourced download protection should be enough to make sure that rogue trojans are not downloaded. Its latest versions bundle antivirus, anti-malware, and internet security features, giving you protection on all possible fronts.
Comodo: Comodo comes with advanced protection against both viruses and malware. It also encourages users to manually submit code samples for investigation by its researchers. This is important for blocking DNS-changing malware, as users are often the first to notice that something suspicious is happening on their systems. Comodo also offers multi-layered scanning, simultaneously checking the file system, registry, and system memory for any signs of malware.
Bitdefender: Bitdefender excels at malware blocking. It offers real-time scanning against advanced zero-day threats and a comprehensive definitions-based scanning engine. Our tests have given it high marks for identifying malware.
In addition to a security suite, users should manually inspect their network connections every few months to ensure that the DNS settings haven’t been tampered with.
Windows users can do that by clicking “view network connections,” navigating to the “networking” tab, and clicking on “properties.” If manual DNS servers have been configured that you didn’t set up yourself, you should change the setting to “obtain DNS server address automatically” and run a scan via your internet security program.
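The same inspection can be scripted so it is easy to repeat every few months. The PowerShell below is an added example, not part of the original article: it reads each active adapter's manually set and automatically assigned DNS servers and flags any manual entry you did not list yourself. It assumes Windows 8 or later (for Get-NetAdapter); the function names and the -Expected parameter are names chosen for this example.

```powershell
# Added example: read-only audit of DNS settings on active Windows adapters.
# -Expected is an assumption of this example: pass the DNS server addresses
# you deliberately configured yourself (leave empty if you never set any).
param(
    [string[]]$Expected = @()
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # The registry stores the servers as one string, comma- or space-separated.
    if ([string]::IsNullOrWhiteSpace($Value)) { return }
    $Value -split '[,\s]+' | Where-Object { $_ }
}

function Get-DnsAudit {
    param([string[]]$Expected = @())
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $key   = Join-Path $base $nic.InterfaceGuid
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        # NameServer = manually configured; DhcpNameServer = assigned automatically.
        $static  = @(Split-ServerList $props.NameServer)
        $dhcp    = @(Split-ServerList $props.DhcpNameServer)
        $unknown = @($static | Where-Object { $_ -notin $Expected })

        [pscustomobject]@{
            Adapter       = $nic.Name
            Mode          = if ($static.Count) { 'Manual' } else { 'Automatic' }
            ManualServers = $static -join ', '
            AutoServers   = $dhcp -join ', '
            Unrecognized  = $unknown -join ', '
            NeedsReview   = [bool]$unknown.Count
        }
    }
}

Get-DnsAudit -Expected $Expected | Format-Table -AutoSize
```

A row with NeedsReview set to True means that adapter has a manual DNS server that is not on your expected list; switch it back to “obtain DNS server address automatically” and run a scan as described above.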
Make Sure Your DNS Settings Are Secure
DNS settings are a vital part of the internet that few users think about. But when cybercriminals tamper with them, the results can be catastrophic, allowing them to direct users to an endless number of phishing websites. Installing a reliable internet security tool and conducting a manual inspection every few months are your best means of avoiding this scenario.