Phishing Attacks could be Untraceable
By Dave Nixon
February 14, 2008
Companies and users face a grave threat from a weakness in the Domain Name System (DNS) that could enable financial fraud such as virtually undetectable phishing attacks, according to a study presented this week by researchers from Georgia Tech and Google.
The researchers, David Dagon, Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos of Google, presented their paper “Corrupted DNS Resolution Paths” on Monday at the Network and Distributed System Security Symposium (NDSS) in San Diego.
The attack they describe, called “DNS resolution path corruption”, can be carried out by a small piece of code delivered through a malicious website or email attachment, the study said. The code modifies the Windows registry settings, instructing the PC to use a malicious server for all DNS lookups.
This would allow scammers to silently redirect users to malicious sites of their choosing, bypassing security tools such as anti-phishing software.
The exploit described in the new paper could result in serious financial losses, according to DNS inventor Paul Mockapetris. In a published report this week he said it is only a matter of time before a criminal steals up to $100m in a successful attack on a corporation.
The problem lies with “open recursive” DNS servers, which tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack methods to build a new generation of phishing attacks, according to the study.
The researchers estimate that there are 17 million open-recursive DNS servers on the Internet, the vast majority of which give correct information. Unlike other DNS servers, open-recursive systems answer DNS lookup requests from any computer on the Internet, a feature that is especially useful to attackers.
The researchers estimate that up to 0.4 percent, or 68,000, of these open-recursive DNS servers are behaving maliciously, returning bogus answers to DNS queries. They further estimate that another two percent supply dubious results. Together, these servers are beginning to form a “second secret authority” for DNS that undermines the trustworthiness of the Internet, the researchers warned.
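As an added example (not code from the article or from the researchers' paper), the following Python script shows two checks a defender can run against the attack described above: whether a host's configured resolvers match an approved list, and whether each resolver returns the authoritative answers for a set of canary names. All resolver addresses, canary names and answers are constructed.

```python
"""Added example (not from the article or the paper): audit a host's DNS
resolution path.  Two defender checks: (1) are the configured resolvers on
the approved list, and (2) does each resolver answer a set of canary names
the way the legitimate authoritative path does.  All data is constructed."""

# Constructed: the organisation's approved recursive resolvers (hypothetical
# RFC 5737 documentation addresses, not real servers).
APPROVED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed: answers for canary names as obtained from the authoritative
# servers; a resolver that deviates from these is steering users elsewhere.
EXPECTED = {
    "bank.example": {"198.51.100.10"},
    "mail.example": {"198.51.100.20", "198.51.100.21"},
}

def unexpected_resolvers(configured, approved=APPROVED_RESOLVERS):
    """Configured resolvers that are not on the approved list.  A non-empty
    result is the tampered-registry signature the article describes."""
    return sorted(set(configured) - set(approved))

def classify_resolver(observed, expected=EXPECTED):
    """Label one resolver from its canary answers: 'correct', 'suspicious'
    (missing or partly wrong data) or 'malicious' (an answer set that shares
    nothing with what the authority publishes)."""
    verdict = "correct"
    for name, good in expected.items():
        got = set(observed.get(name, ()))
        if got and not (got & good):   # every returned address is bogus
            return "malicious"
        if got != good:                # missing or partially wrong data
            verdict = "suspicious"
    return verdict

def audit_host(configured, answers_by_resolver):
    """Combine both checks into {resolver: verdict}; 'unapproved/' is prefixed
    when the resolver itself should not be in the host's configuration."""
    rogue = set(unexpected_resolvers(configured))
    report = {}
    for resolver in configured:
        label = classify_resolver(answers_by_resolver.get(resolver, {}))
        report[resolver] = ("unapproved/" if resolver in rogue else "") + label
    return report

if __name__ == "__main__":
    # Constructed: a host whose second resolver was swapped for an attacker's.
    good = {"bank.example": ["198.51.100.10"], "mail.example": ["198.51.100.20", "198.51.100.21"]}
    bad = dict(good, **{"bank.example": ["203.0.113.99"]})
    print(audit_host(["192.0.2.53", "203.0.113.7"], {"192.0.2.53": good, "203.0.113.7": bad}))
```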
Attacks on the DNS system are not novel, and online criminals have been altering DNS settings on victims’ computers for at least four years now, Dagon said. However, only recently have they acquired the technology and expertise to launch this particular category of attack consistently and on a wider scale. Whereas the initial such attacks used computer viruses to make these changes, attackers have recently been relying on Web-based malware.
Using Google’s web crawlers, the researchers found more than 2,100 Web pages that used exploit code to modify the Windows registry of visitors.