
Redirection Key To Phishing Attacks



David Utter
Staff Writer
2008-01-31



More phishing efforts by criminals make use of redirection and other DNS tricks to keep investigators from tracking down their sites.

The rise of fast-flux and rockphish techniques represents the latest move in the cat and mouse game of online security. Judging by the November data from the Anti-Phishing Working Group, those redirections grew in prevalence.

When the redirection succeeds, the typical computer user won't realize a DNS setting has been changed until after visiting a fake site and having login credentials stolen, all while the web browser displayed a correct URL in the address bar.

The APWG had this to say about redirectors in their latest compilation of observations:

Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server.

The fraudulent server replies with "good" answers for most domains, however when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the users' requests at any time and the end-users have very little indication that this is happening as they could be typing in the address on their own and not following an email or Instant Messaging lure.
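Both changes the APWG describes, a rewritten hosts file and a replaced DNS server setting, leave traces that can be audited on the host. The Python check below is an added example, not part of the original article or the APWG report. It assumes a Unix-style hosts file and resolv.conf, and the sample contents and the approved resolver list are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not from the article); the public-looking
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
# corporate intranet
10.0.0.12     intranet.corp.test
203.0.113.45  www.examplebank.test login.examplebank.test
"""
SAMPLE_RESOLV = """\
nameserver 198.51.100.77
nameserver 10.0.0.53
"""
# Assumption: the resolvers this network is supposed to use.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _fields(line):
    """Split a config line into fields, dropping any '#' comment."""
    return line.split("#", 1)[0].split()

def audit_hosts(text):
    """Return (ip, name) pairs that pin a hostname to a non-local address."""
    findings = []
    for line in text.splitlines():
        fields = _fields(line)
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if ip.is_loopback or ip.is_unspecified or any(ip in n for n in RFC1918):
            continue  # localhost, 0.0.0.0 blocklist entries, internal hosts
        findings.extend((str(ip), name.lower()) for name in fields[1:])
    return findings

def audit_resolvers(text, approved):
    """Return configured nameserver addresses that are not approved."""
    return [f[1] for f in map(_fields, text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver" and f[1] not in approved]

if __name__ == "__main__":
    for ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts file: {name} pinned to {ip}")
    for ns in audit_resolvers(SAMPLE_RESOLV, APPROVED_RESOLVERS):
        print(f"resolver config: unapproved nameserver {ns}")
```

A hosts entry that pins a banking or webmail name to a public address, or a nameserver outside the approved set, is a finding to investigate rather than proof of compromise.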


As we reported earlier in the week, domain tasting has been coupled with redirectors on an increasing basis. Domain tasting gives criminals an ongoing supply of destinations to which people can be redirected from spam or web links.

When tasted domains come online for their 5-day grace period, the criminals simply change the DNS reply they give for a request so that it redirects to this temporary destination. A few days later, the domain disappears, and the redirector is pointed elsewhere.

The escalation in technical capabilities by the bad guys bodes poorly for non-technical Internet surfers. We have advocated pushing the spam fight off the desktop and out to the gateway of the network, where it belongs. Until that happens on a truly large scale, links to redirected sites and other threats will keep on coming to the inbox.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
