Controversial malicious DNS servers

Local ISPs hijacking web searches

On August, 06, 2011, Ars Technica published about small internet service providers redirecting search results. The article by Nate Anderson was titled Small ISPs use “malicious” DNS servers to watch Web searches, earn cash.

The was based on a study by Microsoft and the Polytechnic Institute of NYU. The results showed that “search queries and URL mistakes” were redirected.

The entire study is available and is titled “Inflight Modifications of Content: Who are the Culprits?”. The conclusion from the study was that 300 malicious servers affected more than 65% of clients from 9 ISPs.


A user enters a search or misspells a website name in the browser’s address bar. The usual suspects would be hackers or malware. But in this particular case, local ISPs are to blame for the hijacking of searches.


On August, 04, 2011, the Electronic Frontier Foundation (EFF) and UC-Berkeley’s International Computer Science Institute (ICSI) found the company that enables the hijacking. Technical Analysis by EFF and ICSI investigated Paxfire in an article titled “Widespread Hijacking of Search Traffic in the United States”.

Paxfire claims to generate revenue for their partners in the search advertising market. On its home page, Paxfire states “Paxfire is the proven industry leader in monetizing Address Bar Search and DNS Error traffic for Network Operators”.

Image Missing
Paxfire Home Page


Change your DNS server. There are free public dns servers. Some of the more popular free public dns servers are Google, Dnsadvantage, OpenDNS, Norton, Verizon, and ScrubIt. produced an article titled Setup Google DNS.

File a complaint with politicians so that regulation can be changed. In the UK, in 2008, service providers suffered a backlash after working with a company called Phorm which delivered targeted advertising. When users complained about Phorm’s data collection policies, several ISPs stopped using Phorm.

Join in a class action lawsuit by Reese Richman against Paxfire on grounds that it violates the US wiretap Act. On its home page, Paxfire refutes allegations in the lawsuit. Reports of lawsuit

Image Missing
Phorm Home Page


ISPs are not content to make money off the service you pay for. ISPs can monetize your URL mistakes by redirecting you to advertisers websites.

The reason hijacking searches and mistakes is unethical is due to permission. Users do not opt-in to this service and do not benefit. Only ISPs and advertisers benefit.


  1. Test a public dNS server.
  2. Change ISPs to one which is more ethical.
  3. Raise concerns about your privacy.
  4. For ISPs, give users an opt-out option.