- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
A new round of so-called "pharming" attacks is targeting the .com Internet domain, redirecting some Internet users who are looking for .com Web sites to Web pages controlled by the unknown attackers.
The SANS Institute's Internet Storm Center (ISC) issued a warning Thursday about the new attacks, which corrupt some DNS (domain name system) servers so that requests for .com sites sent to those servers connect users instead to Web sites maintained by the attackers. News of the new attacks comes amid increasing reports of pharming scams, and statistics that show at least 1,300 Internet domains were redirected to compromised Web servers in a similar attack in early March.
ISC advised network operators to block traffic to and from the IP addresses involved in the attack to stop the redirection, according to information posted on the ISC Web site.
DNS is a global network of computers that translates requests for reader-friendly Web domains, such as http://www.nwfusion.com , into the numeric IP addresses that machines on the Internet use to communicate.
The latest attack use a strategy called DNS cache poisoning, in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a vulnerable feature of DNS that allows any DNS server that receives a request about the IP address of a Web domain to return information about the address of other Web domains.
Internet users who rely on a poisoned DNS server to manage their Web surfing requests might find that entering the URL of a well-known Web site directs them to an unexpected or malicious Web page.
Pharming attacks are similar to phishing identity theft attacks, but don't require a "lure," such as a Web link that victims must click on to be taken to the attack Web site. The attacks have been increasing in recent months, as Internet users become more savvy about traditional phishing scams and online criminal groups look for new ways to collect sensitive information or financial data from victims, according to The Anti-Phishing Working Group.
In the latest attack, a rogue DNS server posed as the authoritative DNS server for the entire .com Web domain. Other DNS servers that were poisoned with this false information redirected all .com requests to the rogue server, which responded to all .com requests with one of two IP addresses. Web pages at those addressed displayed a search engine and an advertisement for a Web site, www.privacycash.com.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment