Phishing as easy as pie

Feb 14, 2008 17:56 GMT

Researchers from Google and Georgia Tech have discovered a mind-troubling loophole in the domain name system that is the Mecca of all phishing scammers. There's no way to detect such a scam unless you know what you're looking for, and know it well. It's a piece of code that propagates just the way others do, via spam and email, but what it achieves can make a simple hijacking of your computer's functions look like a dandelion next to an oak tree.

It operates by changing a file in the Windows Registry settings and, from that point on, the user's computer will be directed only to the malicious server for all the DNS information it requires. Anti-phishing software can go to bed: there's no way to fight this with the security technology currently available on the market. A victim of this type of attack will simply be redirected to sites of the cyber criminal's choosing without knowing it. With the vast proportions that Internet shopping has reached today, vital personal information is bound to be given up sooner rather than later.
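A host can be checked for the redirection described above by comparing the resolvers each network interface is configured to use against the ones the network is supposed to hand out. The following is an added example, not code from the article or the researchers; it assumes the standard Windows TCP/IP interface key with its NameServer and DhcpNameServer values (the article does not name the setting), and both the registry dump and the approved resolver list are constructed.

```python
import ipaddress
import re

# Constructed sample, in the layout printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    203.0.113.53,203.0.113.54
    DhcpNameServer    REG_SZ    192.168.1.1
"""

# Assumption: the resolvers this network legitimately hands out.
APPROVED_RESOLVERS = {"192.168.1.1", "10.0.0.53"}

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")

def audit_resolvers(reg_text, approved):
    """Return (interface, value_name, address, reason) for each suspect resolver."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    findings, iface = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            iface = line.rsplit("\\", 1)[-1]  # interface GUID
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.groups()
        # The value holds a comma- or space-separated list; empty means unset.
        for token in filter(None, re.split(r"[,\s]+", data)):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((iface, name, token, "unparseable"))
                continue
            if addr not in allowed:
                reason = "static override" if name == "NameServer" else "dhcp-supplied"
                findings.append((iface, name, token, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_resolvers(SAMPLE_REG_OUTPUT, APPROVED_RESOLVERS):
        print(finding)
```

A static NameServer entry outside the approved set on a DHCP-enabled interface is the case worth investigating first, since it takes precedence over what DHCP supplied.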

Even DNS inventor Paul Mockapetris is worried about this exploit; he published a report dedicated to the attack earlier this week. According to him, it won't be long until somebody walks away with $100 million after successfully pulling a quickie this way.

The liability lies with open recursive DNS servers, which translate alphanumerical domain addresses such as softpedia.com into numerical IP addresses. A new generation of phishing attacks is on its way, made possible by constantly improving attack techniques and the servers mentioned above.

There are about 60,000 open recursive servers that behave maliciously by returning false answers to DNS queries, 0.4 percent of the total. Another 2 percent return questionable results.