Submission: DNS attack ushers in new era of Phishing 2.0 (computerworld.com.au)
Bergkamp10 writes: Researchers at Google and the Georgia Institute of Technology are studying a new virtually undetectable form of attack that exploits 'open recursive' DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Some 17 million open-recursive DNS servers are on the Internet, and unlike other DNS servers they answer all DNS lookup requests from any computer on the net, making them the perfect target for would-be hackers and attackers. Criminals are apparently using these servers in tandem with new attack techniques to develop a generation 2.0 of phishing.
Here's how an attack would work. A victim would visit a Web site or open a malicious attachment that would exploit a bug in his computer's software. Attackers would then change just one file in the Windows registry settings, telling the PC to go to the criminal's server for all DNS information. If the initial exploit code was not stopped by antivirus software, the attack would give attackers virtually undetectable control over the computer. Once they'd changed the Windows settings, the criminals could take victims to the correct Web sites most of the time, but then suddenly redirect them to phishing sites whenever they wanted — during an online banking session, for example. Because the attack is happening at the DNS level, anti-phishing software would not flag the phoney sites.
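A defender's check for the resolver change described above, as an added example that is not part of the submission or the linked article: it audits `reg query` output collected from the standard `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces` key and flags interfaces whose effective DNS servers fall outside an approved list. The allowlist, interface GUIDs, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the resolvers this organisation approves (constructed value).
APPROVED = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample of `reg query ...\Tcpip\Parameters\Interfaces /s` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-aaaa-4bbb-8ccc-000000000001}
    DhcpNameServer    REG_SZ    10.0.0.53 10.0.0.54
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-aaaa-4bbb-8ccc-000000000002}
    DhcpNameServer    REG_SZ    10.0.0.53
    NameServer    REG_SZ    203.0.113.66,203.0.113.67
"""

VALUE = re.compile(r"^\s+(DhcpNameServer|NameServer)\s+REG_SZ\s*(.*)$")

def parse_interfaces(text):
    """Return {interface_guid: {value_name: [address, ...]}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = interfaces.setdefault(line.strip().rsplit("\\", 1)[-1], {})
        elif current is not None and (m := VALUE.match(line)):
            # Static lists are comma-separated, DHCP lists space-separated.
            current[m.group(1)] = [s for s in re.split(r"[,\s]+", m.group(2)) if s]
    return interfaces

def is_approved(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable entries are treated as suspicious
    return any(ip in net for net in APPROVED)

def audit(text):
    """Flag interfaces whose effective resolvers are outside the allowlist."""
    findings = []
    for iface, vals in parse_interfaces(text).items():
        static, dhcp = vals.get("NameServer", []), vals.get("DhcpNameServer", [])
        effective = static or dhcp  # a static entry overrides the DHCP one
        rogue = [a for a in effective if not is_approved(a)]
        if rogue:
            findings.append({"interface": iface, "rogue": rogue,
                             "overrides_dhcp": bool(static and dhcp)})
    return findings
```

An interface reported with `overrides_dhcp` set is the pattern to investigate first: a static resolver was written over the one the network handed out.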