DNS Hijacking Vulnerability Targets Google Analytics

Following the news that DNS hijacking vulnerability targets Google analytics. ESET provides its analysis on it.

ESET has analysed a Potentially Unwanted Application (PUA), named DNS Unlocker, hijacking victims’ computers to use rogue DNS servers. When the victims’ browsers look for google-analytics.com the rogue DNS server will point to a malicious server injecting additional JavaScript. This is done so that advertisements by DNS Unlocker are inserted into web pages using Google Analytics.

DNS hijackers are nothing new, nor usually even worthy of comment. What makes these recent versions of DNS Unlocker interesting is the trick they use to surreptitiously configure the victim’s computer’s DNS settings.