DNS Servers Hijacking Traffic to Fraudulent Sites, Galore
According to researchers at Google Inc. and the Georgia Institute of Technology, there are over 68,000 fake DNS (Domain Name System) servers online that divert traffic from infected computers to bogus Websites. The researchers revealed this in a paper published in the second week of February 2008.
The peer-reviewed paper offers a broad measurement of the number of fake DNS servers. It was formally presented at the Internet Society's Network and Distributed System Security Symposium in San Diego on February 11, 2008.
The researchers explained that for a DNS scam to work, a virus on the computer must change its DNS settings so that users are redirected to the malicious server. The researchers also said that, by taking over infected systems in this way, DNS hijacking goes after private information ranging from e-mail login credentials to credit account data.
Attacks involving manipulation of DNS queries aren't new. Financially motivated hackers have a strong incentive to control users' behavior online. The paper points out that fake DNS servers don't necessarily give fake results. This is how users are fooled into believing that their Internet connection is working properly, the researchers explained.
Still, the majority of up-to-date antivirus systems block and remove DNS viruses. If a computer is infected, it needs to be scanned with the latest anti-malware software and have its DNS settings changed back to their original values.
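Because a fake DNS server can return correct results for most lookups, a single test query is not a reliable check; comparing the configured resolver addresses against the ones the machine is supposed to use is. The following is an added example, not code from the article or the researchers' paper, and the expected resolver ranges and the sample resolv.conf content are constructed assumptions.

```python
import ipaddress

# Assumption: networks this host's resolvers are expected to come from
# (constructed private/documentation ranges; replace with your own).
EXPECTED_RESOLVERS = ["192.168.1.0/24", "2001:db8:53::/48"]

# Constructed sample of a resolv.conf whose settings were altered.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search corp.example
nameserver 192.168.1.1
nameserver 203.0.113.77   ; not a resolver we assigned
nameserver 2001:db8:53::1
nameserver not-an-ip
options timeout:2
"""

def parse_nameservers(text):
    """Return (addresses, malformed) from resolv.conf-style text."""
    addresses, malformed = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        value = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
        try:
            addresses.append(ipaddress.ip_address(value))
        except ValueError:
            malformed.append(fields[1])
    return addresses, malformed

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Flag configured resolvers that fall outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    addresses, malformed = parse_nameservers(text)
    unexpected = [str(a) for a in addresses
                  if not any(a.version == n.version and a in n for n in nets)]
    return {"unexpected": unexpected, "malformed": malformed,
            "ok": not unexpected and not malformed}

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_RESOLV_CONF))
```

An entry reported as unexpected is a reason to run the anti-malware scan and restore the original DNS settings, as described above.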
Commenting on the research, Threat Researcher Paul Ferguson of Trend Micro Inc., a security vendor, said that many people fail to realize the severity of hijacking of DNS servers, as reported by the Associated Press on February 13, 2008.
» SPAMfighter News - 25-02-2008