DNS pharming attacks target .com domain
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
Scammers can hijack your browser and steal your email
By Paul Roberts | Boston | Tuesday, 5 April, 2005
A new round of so-called "pharming" attacks is targeting the .com internet domain, redirecting some internet users who are looking for .com websites to web pages controlled by the unknown attackers.
The SANS Institute's Internet Storm Center (ISC) issued a warning late last week about the new attacks, which corrupt some DNS servers so that requests for .com sites sent to those servers connect users instead to websites maintained by the attackers. News of the new attacks comes amid increasing reports of pharming scams, and statistics that show at least 1,300 internet domains were redirected to compromised web servers in a similar attack earlier in early March.
ISC advises network operators to block traffic to and from the IP addresses involved in the attack to stop the redirection, according to information posted on the ISC website.
The latest attack use a strategy called DNS cache poisoning, in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a vulnerable feature of DNS that allows any DNS server that receives a request about the IP address of a web domain to return information about the address of other web domains.
Internet users who rely on a poisoned DNS server to manage their web surfing requests might find that entering the URL of a well-known website directs them to an unexpected or malicious web page.
Pharming attacks are similar to phishing identity theft attacks, but don't require a "lure" such as a web link that victims must click on to be taken to the attack website. The attacks have been increasing in recent months, as internet users become more savvy about traditional phishing scams and online criminal groups look for new ways to collect sensitive information or financial data from victims, according to The Anti-Phishing Working Group.
In the latest attack, a rogue DNS server posed as the authoritative DNS server for the entire .com web domain. Other DNS servers that were poisoned with this false information redirected all .com requests to the rogue server, which responded to all .com requests with one of two IP addresses. Web pages at those addressed displayed a search engine and an advertisement for a website, www.privacycash.com.
Neither web page used in the attack was available yesterday.
In a similar DNS cache poisoning attack in early March, requests from more than 900 unique internet addresses and more than 75,000 email messages were redirected, according to log data obtained from compromised web servers that were used in the attacks, ISC says.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
