Small ISPs use "malicious" DNS servers to watch Web searches, earn cash

Nearly 2 percent of all US Internet users suffer from "malicious" domain name system (DNS) servers that don't properly turn website names like into the IP addresses computers need to communicate on the 'Net. And, to make matters worse, the problem isn't caused by hackers or malware, but by the local ISPs people pay for access to the Internet.

Though the 2 percent number might sound low, it's astonishingly high for a core Internet function, as is clear from the fact that no other country—apart from Haiti—sees more than 0.17 percent malicious DNS servers. What's gone wrong in America?

According to researchers from Microsoft and from the Polytechnic Institute of NYU, the malicious DNS servers exist to make a little extra cash for Internet providers. A detailed experiment (PDF) carried out between September 1 and October 31 last year found that most of these DNS servers stealthily intercepted and redirected search queries and URL mistakes, but only when these were entered from a Web browser's address bar. Go to and everything works as it should; search Bing through a browser address bar and you might be surprised at the results.

Continue reading