A new generation of phishing attacks is being studied jointly by Google and Georgia Institute of Technology, it seems the bad guys are getting some smarter ideas.
They are using Open Recursive DNS servers to poison DNS queries and return false information, thus luring consumers to even more realistic phishing domains.
Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.
The study, set to be published in February, takes a close look at “open recursive” DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks.
The scary thing about this is, you could end up at Paypal.com or HSBC.com and the site could look exactly the same, but you could actually be connected to some Russian phishers web site…and you wouldn’t even know.
Unless of course you check the SSL certificate whilst using the https version, but come on – how many average Joes would do that?
The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a “second secret authority” for DNS that is undermining the trustworthiness of the Internet, the researchers warned.
“This is a crime with few witnesses,” said David Dagon, a researcher at Georgia Tech who co-authored the paper. “These hosts are like carnival barkers. No matter what you ask them, they’ll happily direct you to the red light store, or to a Web server that does nothing more than spray your eyeballs with ads.”
Oh well, another scam to look out for and another threat to monitor. Something else for us to educate the masses about, and some more ammo for us to scare people with.
It’s not all bad – is it?
Source: PC World
- ProtonMail DDoS Attack – Sustained & Sophisticated
- HookME – API Based TCP Proxy Including SSL
- EvilFOCA – Network Attack Toolkit
- Metasploit Site Hijacked by ARP Poisoning Attack
- ARPwner – ARP & DNS Poisoning Attack Tool
- Tmin – Test Case Optimizer for Automated Security Testing
Most Read in Network Hacking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,278,111 views
- Wep0ff – Wireless WEP Key Cracker Tool - 513,496 views
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool - 324,870 views