DNS poisoning redirecting unwitting surfers
Written by Jared Maynard
Wednesday, 12 December 2007
"In the never-ending war between security researchers and malware authors, each side continually attempts to outmaneuver or out-engineer the other. The latest security threat to hit the white hat radar involves a new form of system-level DNS hijacking. DNS hijacking, in and of itself, is nothing new, but it's now apparently possible to reliably initiate such attacks using web-based malware, rather than relying on an end-user to download or activate a suspicious attachment.
According to a recent report by PCWorld, research teams working out of Google and the Georgia Institute of Technology have discovered a series of open-recursive DNS servers that were classified as behaving "suspiciously." Open-recursive DNS servers are DNS servers that will answer any lookup request, no matter where it originates. So long as the DNS servers return accurate information—and the vast, vast, majority do—everything is kosher. When open DNS servers don't return valid information, however, they open the door to an entire world of problems.
Poisoning a DNS server allows the malware author to send your computer virtually anywhere he wants. Since your system is being driven to false web sites based on DNS information, there's no way for any malware suite running locally to detect or report on the problem—at least, not once the damage has been done. There are still limitations on what can be done; a false web site set up to look like PNCBank (for example) wouldn't be able to authenticate with the SSL certificate stored on a user's system. Password and logon information could still be gathered in other ways, however, and some users would undoubtedly ignore warning signs by trusting the web address telling them they really were at (www.securesite.com)." Read more at arstechnica.com
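The quoted piece says a locally running scanner cannot see the redirection once it has happened, but a host-level audit can still catch the two tell-tale signs of this kind of hijack: the system's resolver list pointing at a server the organisation never approved, and answers that disagree with a known-good resolver. The script below is an added example, not from the original post or the article it quotes; the resolver addresses, the resolv.conf text and the answer sets are all constructed sample data, and `TRUSTED_RESOLVERS` is an assumed allowlist.

```python
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Resolvers an organisation expects its hosts to use (constructed example values).
TRUSTED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments (also inline ones)
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # ignore malformed entries rather than crash the audit
    return servers


def rogue_resolvers(configured: Iterable[str], trusted: Set[str]) -> List[str]:
    """Resolvers the host is using that are not on the approved list."""
    return [s for s in configured if s not in trusted]


def divergent_answers(local: Dict[str, Set[str]],
                      reference: Dict[str, Set[str]]) -> Dict[str, Tuple[list, list]]:
    """Names whose locally observed answers share no address with the reference answers."""
    out = {}
    for name, ref_ips in reference.items():
        local_ips = local.get(name, set())
        if local_ips and not (local_ips & ref_ips):
            out[name] = (sorted(local_ips), sorted(ref_ips))
    return out


def audit(resolv_conf: str, local: Dict[str, Set[str]], reference: Dict[str, Set[str]],
          trusted: Set[str] = TRUSTED_RESOLVERS) -> dict:
    """Combine both checks into one report for a host."""
    configured = parse_resolv_conf(resolv_conf)
    return {"rogue_resolvers": rogue_resolvers(configured, trusted),
            "divergent": divergent_answers(local, reference)}


# Constructed sample: a host whose resolver list was altered to add an outside server.
SAMPLE_RESOLV_CONF = "search corp.example\nnameserver 10.0.0.53\nnameserver 203.0.113.7  # not ours\n"
# Constructed answers: what the host's resolver returned vs. a known-good resolver.
SAMPLE_LOCAL = {"bank.example": {"198.51.100.20"}, "mail.example": {"10.0.2.10"}}
SAMPLE_REFERENCE = {"bank.example": {"192.0.2.10", "192.0.2.11"}, "mail.example": {"10.0.2.10"}}

if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, SAMPLE_LOCAL, SAMPLE_REFERENCE))
```

In practice the `local` and `reference` dictionaries would be filled by querying the host's configured resolver and a resolver you control for the same set of high-value names; only names whose answers share no address are reported, so round-robin records do not produce false alarms.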