Friday, June 1, 2012

DNS Security (Part 2 of 4)

Last time I referenced an article which states that hundreds of thousands of users may lose Internet connectivity on July 9th. 

http://www.foxnews.com/scitech/2012/05/25/google-warns-hundreds-thousands-may-lose-internet-in-july/

So what is this DNS anyway?  The best way to look at DNS (Domain Name System) is to compare it to the contact list many of us use on our smartphones.  When you decide to call John Smith, your phone does not dial “John Smith”; it dials the phone number associated with John Smith.  So you select John Smith, and your phone looks up that name and dials 212-555-6789.

DNS works the same way.  You put in www.mtgolibrary.com and your browser translates that into an aaa.bbb.ccc.ddd Internet address.

So what does this piece of malware do?  It just sits there, monitoring which DNS requests are made, and if a high-value site is requested, the malware intercepts the valid request and substitutes a fake answer in its place.  So instead of legitimately going to aaa.bbb.ccc.ddd for your bank, you’ll go to vvv.xxx.yyy.zzz instead.

Now what the bad guys will do is set up a site at vvv.xxx.yyy.zzz which looks and feels like your bank, so that a casual user believes they’ve reached their bank.  The bad guys will even pull images from your bank’s real webpage to make the façade appear more authentic.  You then log into your bank, and now the bad guys have your credentials and can make a sizable withdrawal from your account.
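The substitution described above shows up when the answers your machine gets for a name are compared with answers recorded from a source you trust. The Python below is an added example, not code from this blog. The function names, the trusted reference list and the /24 and /48 grouping are assumptions made for illustration, and all addresses are constructed from documentation ranges.

```python
import ipaddress
import socket


def system_answers(hostname):
    """Addresses this machine's own resolver path returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def _network(ip):
    # Assumption: large sites hand out different hosts from the same block,
    # so compare by enclosing /24 (IPv4) or /48 (IPv6), not by exact address.
    bits = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


def check_answers(local, trusted):
    """Compare local answers against a trusted reference list.

    Returns (verdict, suspicious): verdict is "match", "partial",
    "mismatch" or "no-data"; suspicious lists the local addresses that
    fall outside every network seen in the trusted answers.
    """
    local_ips = {ipaddress.ip_address(a) for a in local}
    trusted_ips = {ipaddress.ip_address(a) for a in trusted}
    if not local_ips or not trusted_ips:
        return "no-data", []
    trusted_nets = {_network(ip) for ip in trusted_ips}
    suspicious = sorted(str(ip) for ip in local_ips
                        if _network(ip) not in trusted_nets)
    if not suspicious:
        return "match", []
    if len(suspicious) == len(local_ips):
        return "mismatch", suspicious
    return "partial", suspicious


if __name__ == "__main__":
    # Constructed sample: answers recorded earlier on a known-clean machine.
    trusted = ["192.0.2.10", "192.0.2.11"]
    # Constructed sample: what a tampered machine might be told instead.
    tampered = ["203.0.113.66"]
    print(check_answers(tampered, trusted))
    # On a live machine: check_answers(system_answers("www.example.com"), trusted)
```

A "mismatch" verdict is a reason to investigate rather than proof of tampering, since a site can legitimately move to new address space.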

So what can we botters do to deal with this silent but nasty threat?  We’ll touch on that next time.
