The Domain Name System (DNS) is a hierarchical naming system for computing resources connected to the Internet. Among other tasks, the DNS translates domain names meaningful to humans (such as “www.example.com”) into numerical identifiers associated with computing resources (such as “208.77.188.166”) in order to address and locate these resources worldwide.
In recent years, malicious programmers have begun exploiting various Internet browser flaws in an effort to redirect domain name resolution requests to compromised (“poisoned”) or rogue DNS servers. For example, when an unsuspecting user of a computing device visits a website controlled or compromised by a malicious programmer, the website may invoke a cross-site scripting attack that attempts to insert the address of a poisoned or rogue DNS server into the user's gateway device (such as the user's firewall, wireless access point, or router). Because residential gateway devices are typically delivered with default passwords in place, and since many users fail to change these default passwords during setup, such cross-site scripting attacks may access the user's gateway device using the device's default login information (obtained, e.g., from various publicly available sources, such as http://www.defaultpassword.com).
Once compromised, the user's gateway device may direct the user's computing device to the poisoned or rogue DNS server. The malicious programmer may then monitor the Internet activity of the user, waiting for the user to visit a website that contains or requires the disclosure of sensitive information (such as banking credentials). Once the user visits a suitable website, the malicious programmer may create a mock website that mirrors the legitimate website in question. The next time the user attempts to access the legitimate website, the malicious programmer may cause the poisoned or rogue DNS server to redirect the user's device to the mock website without the user's knowledge. The malicious programmer may then capture the user's sensitive information (such as banking credentials) without the user's knowledge.