Hackers Use Domain Names to Spoof Legitimate Companies
Researchers from the Malicious Code Research Center (MCRC) of security firm Finjan Inc. warn that a flaw in the domain name registration process allows hackers to outwit Website blockers and keep their attacks running longer.
Hackers are paying to register domain names that spoof legitimate companies but contain spelling errors that are difficult to notice. Users who overlook the incorrect spellings could end up on a malware-embedded Web page that could infect their machines, according to Finjan CTO Yuval Ben-Itzhak. SearchSecurity published this on November 15, 2007. Identifying the bogus domain names is an enormous task, which calls for a better method of preventing these assaults.
Further, since the domain name registration process is inadequately regulated, attackers are able to construct a Website infected with malware using any available domain name, provided it is not already registered. Criminals have exploited this security flaw to create similar-looking sites designed to host attacks on the Web.
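One way to spot the hard-to-notice misspellings described above in proxy or DNS logs is to compare each observed hostname against the domains you want to protect. This is an added example, not code from Finjan or the original article; the protected list, the lookalike-character table and the sample hostnames are constructed assumptions.

```python
PROTECTED = ["example.com", "examplebank.com"]  # hypothetical brand domains (assumption)
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s"})  # small illustrative subset

def registrable(host):
    # Assumption: the last two labels are the registered domain (no public suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(name):
    # Fold lookalike characters so "exarnple" and "examp1e" both compare as "example".
    return name.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]

def classify(host, max_dist=1):
    """Return (brand, reason) when host resembles a protected domain, else None."""
    dom = registrable(host)
    if dom in PROTECTED:
        return None  # the real domain or one of its subdomains
    name = dom.rpartition(".")[0]
    for brand in PROTECTED:
        bname = brand.rpartition(".")[0]
        d = osa_distance(skeleton(name), skeleton(bname))
        if d == 0:
            why = "same name, other TLD" if name == bname else "lookalike characters"
            return brand, why
        if d <= max_dist and len(bname) >= 5:  # skip short names: too many near misses
            return brand, f"edit distance {d}"
    return None

def scan(hosts):
    return {h: hit for h in hosts if (hit := classify(h))}

# Constructed hostnames, as they might appear in a proxy or DNS log.
SAMPLE = ["login.example.com", "www.exarnple.com", "examlpe.com",
          "examp1e.com", "example.net", "examplebnak.com", "unrelated.org"]

if __name__ == "__main__":
    for host, (brand, reason) in scan(SAMPLE).items():
        print(f"{host}: resembles {brand} ({reason})")
```

A hit is a lead for review rather than proof of malice, and a domain with no resemblance to any protected name passes unflagged.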
With the speedy growth of malware and its sheer amount, it is nearly impossible to collect data at the same pace as malicious domains surface and disappear on the World Wide Web.
The tactics aren't particularly new. The practice of spoofing legitimate Websites and brands has always been the basis of phishing attacks. In response to such threats, an organization called the Coalition Against Domain Name Abuse (CADNA) was formed in early 2007. The organization's members are those who had been victims of fake domain names.
In the modern Web environment, it is getting more and more difficult to keep abreast of maliciously formed content by just listing the malicious URLs or domain names, said Ben-Itzhak.
Efforts to track malicious scripts and then develop anti-malware solutions, or to classify known contaminated sites, are at times not enough and come too late to provide proper protection against all-pervasive and evasive Web attacks.
To protect users from such Web risks, enterprises should adopt inspection mechanisms that assess every part of the Web content, no matter what its IP address or URL name is.
» SPAMfighter News - 30-11-2007