DNS poisoning FUD

December 12, 2007

In response to one of today’s articles on Ars Technica titled “DNS poisoning used to redirect unwitting surfers“. I highly respect Ars and read their articles regularly, however, in this case, I believe this article may be causing more FUD, which is not especially helpful in this case.

In the article they discuss DNS servers that can potentially serve bad information from requests, what the article *sounds like* is that this is an attack on legitimate DNS servers in order to get them to serve bad data (which would be far more serious). In actuality, the attack is using malware to change a user’s DNS settings to point to an evil DNS server, which in turn serves evil entries to the machine when a user tries to access a site like chase.com for banking.

Essentially, it’s a very advanced form of phising that uses malware to set correct settings. This is NOT the DNS poisoning attack the article vaguely describes, which would be if hackers were to able to get trusted DNS servers to send false data. It’s sad that a trusted source like Ars published the article under such a misleading title. More readership I suppose? (or honest mistake, personally I don’t think Ars would do it intentionally).

On another note, would you click on a gmail webclip that looked like this??


I’m guessing that the site isn’t malicious, just in a different language and thus displayed in “???” instead of whatever the original language was. Still, I’m curious why gmail thought I would be able to read something since 99.9% of all my email is in English. I’m also curious what a lay user would think of a webclip like that.

I apologize for the lack of consistent posting lately, I’ve been hard at work on the nsm-console for inclusion in the upcoming Hex 1.0.2 release. More posts to come!

posted in dns, fud, gmail, hex, malware, nsm console, poisoning by Lee

Powered by Wordpress and MySQL. Theme by Shlomi Noach, openark.org