The 10 biggest security risks: Crooks redirect your browser to their scam websites
As web surfers become more cautious, hackers are beginning to redirect users to their own fake websites, even if you key in the right URL on your computer.
Danger level: High | Likelihood: High | Target: Businesses
Odds are, you use Domain Name System servers every day. They translate human-friendly names like "www.pcworld.com" into the numerical IP addresses that computers use to find each other on the internet. Your ISP has its own DNS server, as do most companies. The internet can't get by without them.
But more than a million DNS servers around the world--up to 75 percent of all servers, according to networking firm The Measurement Factory--run old or misconfigured DNS software. Such systems are subject to a wide enough range of serious attacks that the SANS Institute, a computer security research and education organization, lists DNS software as one of the top 20 internet vulnerabilities. For example, it was widely reported that cyber crooks used misconfigured DNS servers in lethal denial-of-service attacks that forced antispam firm Blue Security to shut its doors permanently in May.
Attacks work in several ways. One tactic is "cache poisoning", where an offender can simultaneously target everyone who uses the DNS server. A successful attack tricks a company's or ISP's server into sending everyone who uses it to a phishing or other malicious site. You might type "www.americanexpress.com" or "www.yahoo.com", but you will end up at a website that installs an arsenal of malware on your computer.
Another lethal ploy: when bad guys send spoofed requests to DNS servers that are recursive, the servers respond by sending answer messages to the intended victim. The responses contain more data than the original requests, which thus magnifies the attack beyond what the crooks could send themselves. The hapless victim is completely overwhelmed by garbage data and can't respond to genuine requests from regular users.
Defence
Ask your company's IT group to make sure your DNS server is not recursive and its software is up to date. For more information, consult the US-CERT report.
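One way an IT group could check the "not recursive" part of that advice, as an added example that is not from the original article: the script sends one query with the "recursion desired" flag to a DNS server you administer and reads the reply header to see whether the server offered recursion, and how much larger the reply was than the request. The function names, the name `example.com`, and the constructed replies in the demo are assumptions for illustration.

```python
import socket
import struct

RD = 0x0100      # "recursion desired", set by the client in the query
RA = 0x0080      # "recursion available", set by the server in the reply
REFUSED = 5      # RCODE a locked-down server returns for outside lookups

def build_query(name, txid=0x1234):
    """Encode a standard A-record query with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, query_len):
    """Read the 12-byte DNS header and report how the server treated the query."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    return {
        "recursion_available": bool(flags & RA),
        "rcode": rcode,
        "answers": ancount,
        # Recursion is on if the server advertises it and did not refuse the lookup.
        "recursive": bool(flags & RA) and rcode != REFUSED,
        # Reply size relative to request size: the magnification described above.
        "size_ratio": round(len(response) / query_len, 2),
    }

def probe(server, name, timeout=3.0):
    """Query a server you administer for a name it is not authoritative for."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return classify(response, len(query))

if __name__ == "__main__":
    q = build_query("example.com")
    # Constructed replies, not captured traffic. bytes(16) stands in for one A record.
    open_reply = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + q[12:] + bytes(16)
    refused_reply = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + q[12:]
    print("recursive server:", classify(open_reply, len(q)))
    print("refusing server: ", classify(refused_reply, len(q)))
```

Run `probe()` from a host outside your own network: a server that reports `recursive: True` to outside clients is the kind of recursive server the article warns about.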