Forecast a new form of phishing attack

Researchers from Google and the Georgia Institute of Technology (USA) are studying an undetectable virtual attack method that can "quietly" control victims no matter where they are on the Internet.

The study is expected to be released in February next year, with a detailed analysis of "open recursive" DNS servers, which tell computers how to find each other on the Internet by translating domain names, such as Google.com, into numeric IP addresses. Criminals are combining these servers with new attack techniques to develop a new generation of phishing.

Researchers estimate that there are currently about 17 million open recursive DNS servers on the Internet, most of which give accurate information. However, unlike other DNS servers, open recursive systems respond to all DNS lookup queries from any computer on the Internet, a feature that is extremely useful to hackers.
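
The open-recursion behaviour described above can be checked on a resolver you operate. The following Python is an added example, not code from the article or the study: it sends a recursion-desired query for a name the server is not authoritative for and reads the reply header (QR, RA, RCODE, answer count). The function names, transaction ID and sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Decide from the reply header whether the server recursed for this client.

    Assumes the queried name has an A record and the server is not authoritative for it.
    """
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "malformed"          # wrong transaction ID, or QR bit clear
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # REFUSED: recursion closed to this client
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-recursive"     # RA set and an answer was returned
    return "no-recursion"

def probe(server_ip, name, timeout=3.0):
    """Query a resolver you administer, run from an address outside its network."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:             # includes timeouts
            return "no-reply"
    return classify_response(query, reply)

if __name__ == "__main__":
    # Constructed replies (not captured traffic): header flags + echoed question.
    q = build_query("example.com")
    answer = bytes.fromhex("c00c000100010000003c0004c0000201")  # A 192.0.2.1, TTL 60
    open_reply = q[:2] + bytes.fromhex("8180000100010000") + q[12:] + answer
    refused_reply = q[:2] + bytes.fromhex("8105000100000000") + q[12:]
    print(classify_response(q, open_reply))
    print(classify_response(q, refused_reply))
```

A resolver that returns "open-recursive" to a client outside the networks it serves should have recursion restricted to its own address ranges.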

The Georgia Institute of Technology and Google also estimate that about 0.4% (about 68,000) of open recursive DNS servers are being exploited and are responding incorrectly to DNS queries. About 2% of these servers give a confusing answer. This is a real threat because DNS has long been considered a trusted foundation of the Internet.

"This is a form of crime because these servers can guide users to access dangerous websites or a dedicated Web server," said David Dagon, a researcher with the Georgia Institute of Technology.

Attacks on the DNS system are not new, and cybercrime groups have been changing the DNS configuration on victims' computers for many years. However, only a small portion of "black hat" hackers have taken up and replicated this attack method. Instead, they use a virus to change the DNS configuration and then turn to using malicious software (malware).

Google has described the attack scenario as follows:

When a victim visits a website or opens a malicious attachment, a vulnerability in software on the computer may be exploited. The attacker then only needs to change a file in the Registry to make the PC connect to the hacker's server for all DNS information. If the initial exploit code is not blocked by the antivirus program, the attack allows hackers to control the computer in an undetectable way.

Once the Windows configuration has been changed, criminals can take control of the computer and redirect it to malicious sites whenever they want. Because this attack takes place only at the DNS level, anti-phishing software cannot detect the phishing sites that users visit.

Chris Rouland, technical director of IBM's Internet security system, thinks that these types of DNS attacks will target Web 2.0 sites in the next few months, because such sites often let users connect to many websites that may not be reliable and secure.

Van Han