March 8, 2005 - (HOSTSEARCH.COM) – Internet security watchdog Netcraft reported yesterday that 2 new DNS security threats have emerged to threaten Internet users. High tech criminals are now using DNS wildcards and DNS poisoning attacks to redirect users to fraudulent sites in order to get them to reveal vital personal information.
The Internet’s phishermen have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their login details. A wildcard DNS record (*.example.com) will resolve all requests that are not matched by any other record. Wildcards are normally used to handle mistyped e-mail addresses, but are increasingly being used by spammers.
Barclays Bank is the most recent legitimate business to be used as bait for this type of attack where an email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols.
Another new attack using DNS cache poisoning injects false information into DNS servers, which route Internet traffic by matching domain names with IP addresses at web hosts, allowing hackers to redirect users to bogus web sites. Last week, a known vulnerability in Symantec firewalls was exploited to change information on a small number of local DNS servers, sending requests for Google.com, eBay.com and Weather.com to a trio of hacker sites (7sir7.com, 123xxl.com and abx4.com) that attempted to install spyware on vistors' computers.
