Hackers Begin Abuse Domain Name Trust--netinchina.org.cn

Posted in the Aruba Networks Forum

Since: Nov 07

Shanghai, China

#1 Nov 25, 2007
Hackers Abuse Domain-Name Trust--netinchina.org .cn

Domain name news brought to you by netinchina.org .cn

Using variations on trusted, popular domains has long been a common tactic for scammers,
spammers and porn sites. But cyber criminals have devised a new twist on the misspelled domain-name trick by hijacking IP addresses. And they tried it on Yahoo.

To fix the old problem, server-based security products would trace the IP address of the server behind the domain. Once the IP address resolved the misspelled domain name, the products would then compare the IP address against a database of known fraudulent sites or questionable locations. So if a site were masquerading as eBay but the filters found it was really a server in China that had only been established one week earlier, it would block access.

In the case of Yahoo, security firm Finjan said hackers exploited an unused IP address within
Yahoo's hierarchy and used that as the domain address behind a forged Google Analytics domain
name. This fooled the Web-filtering products into believing a person was going to a highly
trusted Yahoo domain. The victims never knew they were on a malicious Web site, and neither did the security mechanisms on the network.

"They managed to resolve the domain name to an IP address owned by Yahoo. How they added an
address into a DNS server to appear to be an IP address owned by Yahoo is unknown," Yuval Ben-
Itzhak, CTO of Finjan, told InternetNews.com . He added that Yahoo, while responsive and quick to
shut down the compromised address, did not disclose exactly what equipment was behind the
compromised IP address.

Ben-Itzhak thinks something in the server was broken that enabled the bad guys to push that content down to users without Yahoo knowing. He said that's a flaw in social networks.

"In 2007, something very clear has come out: these Web 2.0 sites are great fun but also a great platform for hackers to host malicious code as well," said Ben-Itzhak. "You can upload anything you like, so you can upload malicious content, as well. On MySpace we found hundreds of pages with malicious code this year."

Ben-Itzhak said server-based security is still the primary mode of defense but also recommended
browser plug-ins, such as Finjan's SecureBrowsing or Exploit Prevention Labs' LinkScanner, both of which scan the actual content coming over the wire from a site and alert the user if it's suspicious.

Tell me when this thread is updated:

Subscribe Now Add to my Tracker

Add your comments below

Characters left: 4000

Please note by submitting this form you acknowledge that you have read the Terms of Service and the comment you are posting is in compliance with such terms. Be polite. Inappropriate posts may be removed by the moderator. Send us your feedback.

Aruba Networks Discussions

Title Updated Last By Comments
Authentications (Apr '13) Apr '13 Vinit Bhosle 1
Lazard Places Buy Rating on Aruba, Caution on F... (Feb '12) Feb '12 All Scripts 1
Aruba Issue..... (Dec '11) Dec '11 Rahul Khanna 1
How to Implement Colubris (Mar '10) Mar '10 Artux 2
Certification for Ubuntu (Nov '09) Nov '09 Simon 1
'Too valuable to lose' in domain names -Shangha... (Nov '07) Nov '07 Alao25 1
Generic domain offer business possibilities--Sh... (Nov '07) Nov '07 Alao25 1

Aruba Networks People Search

Addresses and phone numbers for FREE