We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google: DNS flaw makes phishing scams invisible

Financial scams could become undetectable

Users are at risk from a loophole in the the domain name system (DNS) that could make financial scams undetectable, according to a study by researchers from Georgia Tech and Google.

Corrupted DNS Resolution Paths was presented by researchers David Dagon, Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos of Google, at the Network and Distributed System Security Symposium (NDSS) in San Diego this week.

The attack they describe, called 'DNS resolution path corruption', could be carried out by a simple piece of code implanted via a malicious website or email attachment, the study said. The code would change a file in the Windows Registry settings, telling the PC to use the malicious server for all DNS information.

This would allow scammers to invisibly guide users to the malicious sites of their choice, getting around security tools such as antiphishing software.

See also:

NEW: Latest news about Google - click here

Get the latest PC security news, reviews tips and tricks at Security Advisor

The exploit described in the new paper could lead to serious financial liabilities, according to DNS inventor Paul Mockapetris. In a published report this week he said it is only a matter of time before a crook makes off with up to $100m in a successful attack on a corporation.

The problem is 'open recursive' DNS servers, which are used to tell computers how to find each other on the internet by translating domain names such as google.com into numerical IP addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks, according to the study.

The researchers estimate that there are 17 million open-recursive DNS servers on the internet, the vast majority of which give accurate information. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the internet, a feature that makes them particularly useful for hackers.

The researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a 'second secret authority' for DNS that is undermining the trustworthiness of the internet, the researchers warned.

Attacks on the DNS system are not new, and online criminals have been changing DNS settings in victim's computers for at least four years now, Dagon said. But only recently have the bad guys lined up the technology and expertise to reliably launch this particular type of attack in a more widespread way. While the first such attacks used computer viruses to make these changes, lately attackers have been relying on web-based malware.

Using Google's network of web crawlers, researchers uncovered more than 2,100 web pages that used exploit code to change the Windows Registry of visitors.

Get the latest PC security news, reviews tips and tricks at Security Advisor

IDG News Service's Robert McMillan contributed to this report.

IDG UK Sites

Microsoft Surface 3 UK release date, price and specs: New Surface tablet offers free upgrade to Win?......

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Adobe Comp CC iPad app review

IDG UK Sites

April Fool's Day pranks: play these geeky pranks on April Fools Day and fool your friends