DNS Attacks to Come from Web 2.0 Phishing Sites
Researchers have revealed a huge network of bogus servers that put end users at risk by quietly exposing them to fake copies of legitimate and trusted websites.
These servers work like a telephone directory that intentionally supplies a faulty listing when a person looks up the Bank of America number, for instance. Instead of being pointed to the true website, a victim is directed to counterfeit sites by about 6,800 such servers, according to a team of researchers from the Georgia Institute of Technology and Google.
The researchers have recorded an estimated 17 million 'open-recursive' DNS servers, most of which produce accurate information. Open-recursive servers are designed to answer DNS requests from any Internet-connected computer, a function that hackers also find useful in hijacking and gaining control of others' computers.
Researcher David Dagon at Georgia Tech, who is also a co-author of the paper, said that few people witness such crimes. PC World published Dagon's statement on December 11, 2007.
Dagon also said that instead of creating a buffer overflow, writing a crafty rootkit, or waiting until a vulnerability is discovered and exploited, malware developers are now rewriting and changing users' DNS settings. The Register published Dagon's statement on December 11, 2007.
This is not the first DNS-type attack that has occurred. Online crooks have been modifying the DNS settings on their victims' computers for at least the past four years. Now they are using that expertise and technology to launch this attack much more widely. While the attackers initially employed computer viruses to alter the settings, of late they have been using web-based malware.
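A defender-side check for the settings change described above, as an added example that is not from the original article: it parses resolv.conf-style text and reports any configured resolver that falls outside an approved list. The allowlist, the sample file contents and the function names are constructed assumptions.

```python
import ipaddress

# Assumption: the resolvers this organisation approves (constructed values).
APPROVED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]

# Constructed sample of a resolv.conf whose second entry has been changed.
SAMPLE = """\
# constructed sample
search corp.example
nameserver 10.1.2.3
nameserver 203.0.113.77   # entry that was rewritten
nameserver not-an-ip
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then split the directive from its value.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(resolv_conf_text, approved=APPROVED):
    """Return (server, reason) for every resolver that should be reviewed."""
    findings = []
    for server in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "unparseable address"))
            continue
        # Compare only against networks of the same IP version.
        if not any(addr.version == net.version and addr in net
                   for net in approved):
            findings.append((server, "not on approved resolver list"))
    return findings


if __name__ == "__main__":
    for server, reason in audit_resolvers(SAMPLE):
        print(f"REVIEW {server}: {reason}")
```
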
Chris Rouland, Chief Technology Officer at the Internet Security Systems unit at IBM, said that he anticipates even more such DNS attacks being triggered from Web 2.0 websites in the approaching months, because with these the bad guys can easily mix web pages of various origins, including the more trustworthy ones. Computer World published Rouland's statement on December 11, 2007.
Rouland added that these types of attacks truly represent next-generation phishing.
» SPAMfighter News - 23-12-2007