The Georgia Institute of Technology has teamed up with Google to investigate how to counter new forms of phishing attacks by hackers. Hackers are able to control users' internet browsing by using "open recursive" DNS (Domain Name System) servers. This type of attack is not new, but hackers have developed a technique that makes it almost undetectable by anti-virus and anti-phishing software.
A DNS server is an internet service that translates domain names into numerical Internet Protocol (IP) addresses. For example, when a user types "google.com" into an internet browser, the DNS server translates it to something that looks like this: "207.35.118.135". The internet browser then directs the user to the site.
DNS servers work together in a network. If one DNS server can't find the address, it passes the request to another one until the address is found. Unlike other DNS servers, open recursive DNS servers answer all DNS look-up requests from any computer on the internet. It is this feature that hackers use.
Google and the Georgia Institute of Technology have discovered that there are over 17 million open recursive DNS servers. Most of these give accurate information, but 0.4% or 68,000 are giving users false addresses that lead to phishing sites. Hackers use these DNS servers to send users to phishing sites.
Phishing sites are false sites set up by hackers. Hackers create sites that look like the original and get users to give information such as usernames, passwords and PIN numbers. For example, they could copy an online bank site and get users to register and log in. The login information is sent to the hacker and he or she is able to use it to gain access to the user's bank account. They trick users into entering their phishing site by sending a fake email. The email, for example, could be made to look as though it came from the user's bank, asking them to log in and update their details. The email would then contain a link to the phishing site.
Hackers are using the open DNS system by targeting the user's settings. The user would either open a virus-infected attachment on an email or a website with the virus embedded in it. The virus exploits the user's computer by changing just one file in the Windows registry settings. The changed setting allows the hacker to have complete control over the user's browser.
If the virus is not stopped during the initial stages, it can go undetected for the rest of its existence. Users might believe that because they have anti-phishing software they can't be infected. However, because the hacker is operating at the DNS level, the anti-phishing software is rendered useless. Hackers would allow the user to browse normally, but would redirect them suddenly if they tried to use online banking.
Google and the Georgia Institute of Technology are looking into developing a type of software that will counteract the hackers. They are also trying to create more awareness among all administrations to change their DNS servers. There is no real benefit from having an open server. The Georgia Institute has marked phishing attacks as one of the top threats for 2008.