Continuous DNS Exploitation for Communicating with Hijacked PCs
Security researchers have found that cyber-criminals are increasingly abusing the DNS (Domain Name System) protocol to exchange messages with hijacked computers, Dark Reading reported on March 27, 2012.
According to the researchers, the attack is essentially a DDoS (Distributed Denial-of-Service) attack aimed at the DNS.
Speaking at the RSA Conference held in February 2012, Ed Skoudis, Senior Security Consultant at InGuardians, said that an increasing number of malicious programs would conceal their instructions, as well as exfiltrated data, within DNS packets. Malware developers benefit because, even when a firm does not allow a potentially infected PC to go online, the malicious program can still send DNS queries to a local server, which then acts as a proxy and eludes security software, he explained. Isssource.com published this on March 29, 2012.
Attackers frequently direct an unmanageable volume of data from numerous online PCs at a single victim in one coordinated attack, creating a DDoS condition. Occasionally this coordination is voluntary, with all the attackers using similar tools to bombard the victim with data.
Moreover, researchers from Internet Identity, an Internet information and infrastructure security company, state that overall about 5% of attacks involve DNS signaling of some kind. According to Lars Harvey, CEO of the company, DNS signaling goes undetected because the majority of users don't keep track of DNS. Darkreading.com published this on March 27, 2012.
Additionally, DNS components, typically at the lower levels, may become targets of DDoS attacks, and such targeting in sufficient volume may begin to hinder Web traffic despite the redundancy built into the DNS.
So far the tactic has seen relatively little use: possibly 12 malware strains have transmitted commands or data to botnets by way of the DNS.
Security researchers, however, say that such DNS abuse isn't so hard to detect, since using DNS to establish communication generates irregular information that can be easily spotted by keeping watch over DNS. Paradoxically, DNSSEC (Domain Name System Security Extensions) could make it more convenient to conceal data transmitted via DNS.
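The DNS monitoring described above, sketched as an added example that is not from the original article: it flags a client that sends several distinct long, high-entropy hostnames under one domain, a common sign of data encoded into queries. The thresholds, function names and log entries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own resolver logs.
MIN_LABEL_LEN = 20   # leftmost label length that looks like encoded data
MIN_ENTROPY = 3.5    # bits per character
MIN_UNIQUE = 3       # distinct suspicious names per client and base domain

# Constructed sample resolver log entries: (client IP, queried name).
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    # A single long hostname stays below the unique-name threshold.
    ("10.0.0.5", "autodiscover-outlook-services.example.com"),
    ("10.0.0.9", "mzxw6ytboi2dgnjzgq3tqojq.tunnel-test.invalid"),
    ("10.0.0.9", "a1b2c3d4e5f6g7h8i9j0k1l2.tunnel-test.invalid"),
    ("10.0.0.9", "nbswy3dpeb3w64tmmqqho2lu.tunnel-test.invalid"),
    ("10.0.0.9", "mzxw6ytboi2dgnjzgq3tqojq.tunnel-test.invalid"),  # repeat
]

def shannon_entropy(text):
    """Bits per character of `text` (0 for an empty string)."""
    counts = Counter(text)
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())

def base_domain(name):
    """Naive registered-domain guess: last two labels, no public-suffix list."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def looks_encoded(name):
    """True when the leftmost label is long and close to random."""
    label = name.split(".")[0].lower()
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def find_dns_signaling(queries):
    """Return {(client, base domain): sorted suspicious names} for flagged pairs."""
    seen = defaultdict(set)
    for client, name in queries:
        if looks_encoded(name):
            seen[(client, base_domain(name))].add(name.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= MIN_UNIQUE}

if __name__ == "__main__":
    for (client, domain), names in find_dns_signaling(SAMPLE_QUERIES).items():
        print(f"{client} -> {domain}: {len(names)} encoded-looking names")
```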
» SPAMfighter News - 10-04-2012