EarthLink Redirect System Opening Opportunity to Hackers

Vulnerability in EarthLink's servers that deal with mistyped requests for Web pages enabled attackers to wage phishing attacks on Websites, revealed by a researcher on Internet security at the Seattle-based ToorCon security conference during April 18-20, 2008.

Dan Kaminsky, Director of penetration testing, IOActive, a security consulting company, said the flaw, which was fixed in the third week of April 2008, emphasized a basic security threat in the manner that some ISPs try to churn advertising earnings from wrongly typed Web addresses, as reported by Itvendordirectory April 21, 2008.

The bug was in the Domain Name Servers operating service called Barefruit, which EarthLink has been utilizing since August 2006 to send back Web pages with advertising and search terms to users who wrongly type a domain name.

In practice, when a request is made on the browser to a DNS server to connect to an IP address that actually is nonexistent, the DNS server sends back a message highlighting the error and indicating that the address does not exist. But, with Barefruit's servers, the inquirer is related that the IP address indeed exists and subsequently redirected to a page that shows suggested search phrases along with some advertising.

As the software doing the redirect contains a bug, attackers are able to hack the pages and execute their own JavaScript code. Additionally, when the browser handles this code in such a way as though it arrived from a genuine domain, hackers succeed to steal the users' cookies, set up fake Websites, and even log onto some Websites unlawfully.

The practice of generating earnings from mistyped domain names has been the subject of controversy previously too. In 2003, Verisign, a registrar for domain names, was forced to block a similar service called SiteFinder because it diverted Web surfers, when they typed domains that did not exist.

Further, there are other ISPs besides EarthLink that also are testing such a system. According to Kaminsky, Barefruit and other similar systems were being checked on Time Warner, Verizon, Comcast and Qwest that have engaged EarthLink to partially handle their network.

Related article: EarthLink Sues PeoplePC Spammers

» SPAMfighter News - 4/28/2008