Tuesday, February 12, 2008

New Phishing Method Could Be Undetectable

Loopholes in the the Domain Name System (DNS) could make financial scams such as phishing attacks practically undetectable.

According to a recent Techworld.com article "Phishing attacks could be undetectable". Researchers David Dagon, Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos of Google presented their study "Corrupted DNS Resolution Paths" describing the exploit, called "DNS resolution path corruption".

The study noted in a previous article describes how an attack could be carried out by a simple piece of code implanted via a malicious website or email attachment. The code would change a file in the Windows registry settings, telling the PC to use the malicious server for all DNS information.

The Techworld article states, "The problem is "open recursive" DNS servers, which are used to tell computers how to find each other on the internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks, according to the study."

"Using Google's network of web crawlers, researchers uncovered more than 2,100 Web pages that used exploit code to change the Windows registry of visitors."

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you