Originally published March 16 2005
Phishers are now infecting DNS servers to send people to bogus web sites
by Mike Adams, the Health Ranger, NaturalNews Editor
A security loophole in Symantec's security system is being utilized by malicious hackers to send people to false sites that will steal their financial information. By infecting domain name servers (DNS) in order to send people to replicas of real sites, hackers can steal passwords and financial data from unsuspecting users. The problem is not that widespread yet, but it is almost undetectable to all but the most cautious of users.
Phishers using DNS servers to lure victims?
Online thieves looking for personal data may be moving to more active measures by redirecting people from legitimate sites to malicious ones, security experts said this week.
The warning follows reports Friday that some people's computers were being redirected from sites such as eBay and Google to malicious Web servers that attempted to install spyware.
The compromises affected 30 to 40 networks, according to Jason Lam, incident handler for the Internet Storm Center, which tracks network threats.
"It's hard to tell how many people were impacted by this, but it wasn't very widespread," Lam said Tuesday.
The attacks compromised servers that act as the white pages of the Internet--a key part of cyberspace that's known as the domain name system, or DNS--to replace the numeric addresses of popular Web sites with the addresses of malicious sites run by the attackers.
Known as DNS poisoning, the scheme redirects Internet users to bogus sites where they may be asked for sensitive information or have spyware installed on their PCs.
The Internet Storm Center, which represents a group of incident response professionals organized by the SANS Institute, a security training organization, said that a recent flaw in Symantec's firewall and gateway security appliances likely allowed some of the DNS poisoning to occur.
However, other sites that do not use Symantec products also were victims, Lam said.
"In this case, the content of the site was different," he said.
"But with DNS poisoning, if they intended to use it for phishing, it would have been very bad."