Google and the Georgia Institute of Technology will publish a study in February that portrays a new form of attack – virtually impossible to detect – that controls Internet users’ use of the network.
The analysis is called «Corrupted DNS Resolution Paths» and studies the average DNS servers used on the Internet to resolve addresses using IP addresses. At issue is the fact that criminals are combining those same servers with new tactics to create a new generation of security attacks. phishing.
Threats begin when a user accesses a website or opens a malicious attachment that exploits a bug on the computer. From there, hacker change a file in the Windows registry configuration, asking the computer to go to the malicious server to fetch all the DNS information.
If the initial code is not detected by the antivirus, the hackers immediately have remote control of the user’s computer, taking them to phishing and others where you can get the data from the internet user.
Analysts estimate that there are 17 million servers open-recursive DNS on the Internet, with the majority providing concrete information about a user, something particularly useful for hackers.
The work team involved in this analysis believes that about 0.4 percent of servers have malicious behavior, which corresponds to 68 thousand servers providing false responses to DNS requests.
David Dagon, of the Georgia Institute of Technology, says that this is a crime «with few witnesses» that directs users to «servers that do nothing but pollute the view of Internet users with ads», or to steal information from them , quotes PC World.
2007-07-25 – Failure detected in software which processes DNS requests
2007-04-13 – Microsoft admits error in the Windows Server DNS service