[REVS] Understanding and Preventing DNS-related Attacks by Phishers

Subject: [REVS] Understanding and Preventing DNS-related Attacks by Phishers
Date: 8 Sep 2005 14:07:55 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  Understanding and Preventing DNS-related Attacks by Phishers
------------------------------------------------------------------------


SUMMARY

Exploiting well-known flaws in DNS services and the way in which host 
names are resolved to IP addresses, Phishers have upped the ante in the 
cyber war for control of a customer's online identity for financial gain.

A grouping of attack vectors, now referred to as "Pharming", affects the 
fundamental way in which a customer's computer locates and connects to an 
organisation's online offering. Enabling the Pharmer to reach wider 
audiences with less probability of detection than their Phishing 
counterparts, pharming attacks are capable of defeating many of the latest 
defensive strategies used by customer and online retailer alike.

This paper, extending the original material of "The Phishing Guide", 
examines in depth the workings of the name services upon which 
Internet-based customers depend, and how they can be exploited 
by Pharmers to conduct identity theft and financial fraud on a massive 
scale.

DETAILS

Background:
This paper focuses upon a recent group of attack vectors used by criminals 
to target an organization's customers for identity theft and financial 
fraud. Closely related to Phishing attacks, this new attack manipulates 
the ways in which a customer locates and connects to an organization's 
named hosts or services through modification of the name lookup process.

The attack vectors, commonly referred to as Pharming, have the ability to 
bypass many traditional Phishing attack prevention tools and affect larger 
segments of an organization's customer base.
Given the apparent complexity of this attack vector, this paper seeks to 
carefully explain many of the background processes all Internet-based 
customers use on a daily basis to connect to an organization's commercial 
service, and examines how frailties in them can be exploited by an 
attacker to conduct a Pharming attack.

Readers should ensure that they fully understand how traditional Phishing 
attacks are conducted and the defensive strategies that have been adopted 
in the past to protect against them. Ideally the reader should be familiar 
with the author's previous paper "The Phishing Guide" as several sections 
of this paper reference information contained within the earlier 
whitepaper.

To read more about the guide please visit:
http://www.ngssoftware.com/papers/ThePharmingGuide.pdf


ADDITIONAL INFORMATION

The information has been provided by NGSSoftware Insight Security 
Research <nisr@nextgenss.com>.
The original article can be found at:
http://www.ngssoftware.com/papers/ThePharmingGuide.pdf


