Nearly 2 percent of all US Internet users suffer from "malicious" domain name system (DNS) servers that don't properly turn website names like google.com into the IP addresses computers need to communicate on the 'Net. And, to make matters worse, the problem isn't caused by hackers or malware, but by the local ISPs people pay for access to the Internet.
Though the 2 percent number might sound low, it's astonishingly high for a core Internet function, as is clear from the fact that no other country—apart from Haiti—sees more than 0.17 percent malicious DNS servers. What has gone wrong in America?
According to researchers from Microsoft and from the Polytechnic Institute of NYU, the malicious DNS servers exist to make a little extra cash for Internet providers. A detailed experiment (PDF) carried out between September 1 and October 31 last year found that most of these DNS servers stealthily intercepted and redirected search queries and URL mistakes, but only when these were entered from a Web browser's address bar. Go to Bing.com and everything works as it should; search Bing through a browser address bar and you might be surprised at the results.
The Microsoft/Polytechnic research named names, compiling a list of nine ISPs who last year seemed to purposely run the malicious DNS servers: Hughes, Frontier, Cavalier, FiberNet, Spacenet, Onvoy, WOW, Cincy B., and SDN. The paper noted that end users can switch from their ISP-provided DNS server to a public server (Google runs such servers, for instance, at 8.8.8.8 and 8.8.4.4) to avoid the problems.

http://arstechnica.com/tech-policy/news/2011/08/small-isps-turn-to-malicious-dns-servers-to-make-extra-cash.ars