DNS local cache spoofing with malware or RAT



  • I was learning networking and knew that browsers don't have algorithms to convert domain names to IPs. They query a DNS server.

    After that, the computer remembers the IP, so next time the domain is referenced, the browser will use the cached IP.

    But if there is malware on the device, can it change the cached DNS data so when a user enters https://security.stackexchange.com/, the device sends traffic to a malicious IP? How can it be done?

    Or are these logs located in RAM?



  • I think it would be easier to change your browser's DNS address to point to a malicious domain, although I am not sure exactly where the DNS query address is stored within a browser directory.


