Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

DNS-Rebinding Can Help Infiltrate Home PCs

A new security vulnerability makes numerous household routers vulnerable to attack as it helps hackers to compromise consumers' browsing sessions or infiltrate home PCs.

Craig Heffner, Researcher at Seismic (a security consultancy firm) elaborated on the vulnerability and issued a proof-of-concept for it at the Vegas (USA)-held Black-Hat Conference in July 2010, as reported by TheRegister on July 19, 2010.

The DNS-rebinding vulnerability affects kit approximately one-half of prevalent home router models like DSL versions or Verizon Fios; Dell, and most Linksys. Contrarily, it has been many years now that DNS rebinding are in existence.

To further elaborate, the attack exploits a component of the DNS (Domain Name System), This is an online technique of changing names of web-pages to IP address numbers. When a user goes to Google.com, then that domain name may be changed online to the IP address 72.14.204.147. Modern Web-browsers have protection measures against sites that try to access data which isn't at their authorized Internet Protocol address.

Heffner further states that the earlier attack version used enticing tactics to make a Web-surfer access a malware-laden site, but the present one utilizes a tactic for bypassing the same rule-of-origin. Hence, the present technique allows the penetration of a malicious JavaScript into vulnerable home PCs.

Moreover, the new version involves creating a website for attack with active malware. This implies that the IP address of a visitor is made to appear as another IP address of the attack website, giving the latter a status of trust.

Once the visitor lands on the booby-trapped website, its malicious script converts into a different IP address which is really his own IP address. Consequently, the script gains admission into the visitor's PC, potentially compromising his browser and take control over his router settings.

Finally, the new attack is different from other DNS-rebinding methods. It doesn't need former information about the attacked router like its model, host name, inside IP address etc. Moreover, it doesn't depend on any method for pinning DNS that helps it to bypass existing safeguards for DNS-rebinding.

Related article: DNS Servers Not Free of Vulnerability

ยป SPAMfighter News - 31-07-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next