"David H. Lipman" wrote:

> > Google DNS hijacking for displaying advertisements.
> >
> > ISP's have been doing this for years.
>
> I use 8.8.8.8 and don't see that.

I didn't say that google was doing that.

I said to use google to do a search to see who is.

One result:

==========
http://en.wikipedia.org/wiki/DNS_hij...lation_by_ISPs

A number of consumer ISPs such as OpenDNS[2], Cablevision's Optimum
Online,[3] Comcast,[4] Time Warner, Cox Communications, RCN,[5]
Rogers,[6] Charter Communications, Verizon, Virgin Media, Frontier
Communications, Bell Sympatico,[7] UPC,[8] T-Online,[9] Optus,[10]
Mediacom,[11], ONO[12] and Bigpond (Telstra)[13][14][15][16] use DNS
hijacking for their own purposes, such as displaying advertisements[17]
or collecting statistics.
===========

The hijack is usually used when a query is made for a non-existant
domain and the DNS server returns a result that points to a server
providing some sort of alternate content - usually containing
advertising - instead of the user seeing a 404 or some other browser
error.

The file-sharing / file-downloading domains that were "hijacked" by the
DOJ/ICE over the past few years are a good example of this (ie-
tvshack.net and many others).

The idea extends to DNS servers that operate in conjunction with content
servers that can generate the web-pages being sought by the user in real
time by accessing the real web page the user was browsing to, with the
intent of replacing in-page advertising with other advertising, or
adding a top or bottom banner ad.

I'm surprised I have to inform this concept to the readers of this
group.

I was wondering why, in this case of operating a white-hat DNS server
for the benefit of thousands or hundreds of thousands of trojanized
PC's, that this technique of injecting a banner-ad wasn't being done.

This would allow the users of those PC's to see a "friendly message" as
a banner ad on any website they browse to, telling them that their PC or
router has been hacked or trojanized - and how to remedy the situation.

Those users may not believe that they are seeing a benevolent (as
opposed to a malicious) message, but the effect nonetheless would be to
tweak them into thinking that something might be wrong with their system
and to seek out some trusted third-party remedy on their own.