It looks like the increasing unwillingness of ISPs to just return a “host not found” response to the browser is starting to cause problems. ISPs have figured out that it’s easy to make money by intercepting DNS errors and redirecting browsers to ads. The ISPs justify this by saying that the DNS errors aren’t helpful and that they’re adding value, but it’s a transparent money grab.

As is so often the case with these kinds of schemes, the people who implemented it did an awful job, and opened a huge exploitable hole that enabled malicious sites to hijack real domains and impersonate their owners. I can’t help but wonder if the reason so many of these boneheaded money-making schemes are rife with security holes is that the companies can’t find any decent programmers who are willing to build them.

I expect to see a lot more of this kind of thing happening as ISPs continue to try to exploit their position between users and the sites they’re trying to reach.