Poisoning of DNS Caching Gets worse

By Alan Harten

IP authentication specialists are warning of a large scale increase in the use of poisoned DNS caches by cyber-criminals.

Back in July, the Computer Emergency Response Team issued a notice warning of yet another threat to internet security.

This new pain in the computer user’s posterior fools people into giving up passwords and other personal details.

Even if people are well used to these clever slight of hand techniques for stealing valuable information, poisoned DNS caches have another trick up their sleeves.

They can also take over with malicious malware problems and difficulties in other areas such as emails.

The attack relies on the fact that we all use domain name lookup tables, even if we don’t know it.

When we type in a web site address, domain name lookup changes that into a set of numbers.

With these poisoning attacks, the tables for these numbers have been played with to alter the numbers so that they no longer relate to the same web site.

In this way a popular site can be hijacked and replaced with a site that contains malware and makes money for the criminals responsible.

These false pages could also be made to look identical to the page the person intended to go to (such as a bank).

Once there, they may enter their user name and password not knowing that this is a fake page and the criminals are recording the ID and password details.

According to First Cyber Security this is a particular problem because the IT security industry is not ready for this new problem and has little in the way of defences against it.

Regular users could easily slip into one of these sites and there is little the industry can do but attempt to shut the sites down, but experience has shown that you shut one nasty site down two pop up in its place.