Pay per click hijacking



Interesting article at lurhq.com on pay per click hijacking, which is really an extension on old DNS poisoning attacks. Essentially the DNS poisoning attack works like this…


Every domain name on the internet is really just an easy way to access the machine address or IP address. So google.com right now resolves to 216.239.39.99 for me and they have a round-robin record of sorts I think, so that I could check a few times and get a few different addresses, all under the control of Google.com and all legitimate. This lookup that happens though happens on Nameservers that are supposed to keep an accurate index of where these domains point. The catch comes when someone is able to poison the information in these nameservers. Let’s say someone is able to poison the server for www.google.com to point to 12.3.4.56 which is really under control of slimeyfraudsters.com. The page is made to resemble google and instead of google search results the search results are afilliate ads.

Under this scenario, 12.3.4.56 gets a lot of traffic, slimeyfraudsters.com gets lot’s of clicks (ad revenue from their affiliate ads.) In time things get righted and it’s hard to trackdown slimeyfraudsters. What can you do to protect against DNS hijacking. Not a lot really, this is something that ISP’s need to be concerned about. Obviously from time to time sites will do a redesign, but if something looks terribly amiss with a particular site. (CNN replaced with ads for who knows what), you might want to contact your ISP if things are terribly amiss. Unfortunately, they may suspect you have spyware and send you on a quest of cleaning up your own machine before you point the finger at them. Normally this kind of poisoning gets sorted out relatively quickly. It’s something worth being aware of though.
CNet news is reporting on this story as well.

   Send article as PDF   

Similar Posts