antiworm

The flaws discovered in DNS recently by Dan Kaminsky have existed for years. He linked several of them together, a concept known as " exploit chaining " to reveal a much more serious flaw. His technique makes it possible to hijack and misdirect a user's web browser to a malicious web site, even in cases where the user types the correct URL. ' That, of course, completely makes a fool of Verisign's Ken Silva, chief technology officer, who's been running around to the press saying irresponsible if not utterly foolish things like: "We have anticipated these flaws in DNS for many years and we have basically engineered around them." Kudos to Mr. Kaminsky, for working in private with the major vendors of DNS server software, who had patches ready to go before the flaw was announced. This kept the script kiddies from having a field day with the vulnerabilities, which were endemic to nearly all DNS servers. Apparently there remain some issues not yet addr...

I haven't seen the original paper, but this article claims that researchers at Google and Georgia Institute of Technology estimate that there are 68,000 rogue DNS servers on the net. Use of Rogue DNS Servers on Rise Rogue DNS is one of the services provided by the zillions of malware, virus, worm, and rootkit infested zombie PC systems on the internet at any given time. The interesting part of this trick is that zombie PC systems might get "cleaned up" after an infestation has been detected, but their DNS configuration might (OK, probably does in nearly every case) remain pointing to a rogue DNS server, which occasionally, but not always, provides fraudulent data back to requesting clients. This is yet another reason why infested PC systems must be re-installed from clean original media whenever possible, in case you didn't have enough reasons already. The paper: Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority David Dagon, Chris Le...