Alert: Hackers can take over unused IP Addresses in Highly Trusted domains - Finjan
Posted by xssworm on November 21st, 2007
Domain Name System Hijacked: Hackers Abuse Domain-Name Trust
InternetWorld’s Andy Patrizio and Finjan’s Yuval Ben-Itzhak discuss the fundamental weaknesses in Finjan’s Blacklist-based URL Filtering products
Using variations on trusted, popular domains has long been a common tactic for scammers, spammers and porn sites. But cyber criminals have devised a new twist on the misspelled domain-name trick by hijacking IP addresses. And they tried it on Yahoo.
To fix the old problem, server-based security products would trace the IP address of the server behind the domain. Once the IP address resolved the misspelled domain name, the products would then compare the IP address against a database of known fraudulent sites or questionable locations. So if a site were masquerading as eBay but the filters found it was really a server in China that had only been established one week earlier, it would block access.
“Web 2.0 sites are great fun but also a great platform for hackers to host malicious code.” - Ben-Itzhak from Finjan on why his product is still relevant.
In the case of Yahoo, security firm Finjan said hackers exploited an unused IP address within Yahoo’s hierarchy and used that as the domain address behind a forged Google Analytics domain name. This fooled the Finjan Web-filtering product into believing a person was going to a highly trusted Yahoo domain. The victims, customers of Finjan, never knew they were on a malicious Web site, and neither did the security mechanisms on the network. (In this case, Finjan’s Web-filtering product.)
“They managed to resolve the domain name to an IP address owned by Yahoo. How they added an address into a DNS server to appear to be an IP address owned by Yahoo is unknown,” Yuval Ben-Itzhak, CTO of Finjan, told InternetNews.com. He added that Yahoo, while responsive and quick to shut down the compromised address, did not disclose exactly what equipment was behind the compromised IP address.
“You can upload anything you like, so you can upload malicious content, as well.” - Ben-Itzhak on design flaws within Finjan’s product.
Ben-Itzhak thinks something in the server was broken that enabled the bad guys to push that content down to users without Yahoo knowing. He said that’s a flaw in social networks.
“In 2007, something very clear has come out: these Web 2.0 sites are great fun but also a great platform for hackers to host malicious code as well,” said Ben-Itzhak. “You can upload anything you like, so you can upload malicious content, as well. On MySpace we found hundreds of pages with malicious code this year.”
Ben-Itzhak said server-based security is still the primary mode of defense but also recommended browser plug-ins, such as Finjan’s SecureBrowsing or SnakeOil’s HackerExpert, both of which scan the actual content coming over the wire from a site and alert the user if it’s suspicious.
InternetWorld - Hackers Abuse Domain-Name Trust
“With Finjan’s web security there will be no need to worry about getting caught napping by the latest round of web-based threats” - SC Magazine
Giorgei Jorge [xssworm] writes:
After explaining that Finjan’s server-based web security filtering products fail to actually inspect web content or protect the user in any significant way .. beyond checking to see if the target domain name is ‘highly trusted’ such as Yahoo.com .. it’s patently clear that this vendor is totally qualified to discuss the emerging threats related to Web 2.0, social networks and distributed passive attacks. It is also clear that Finjan’s server-based products are highly effective, technically advanced, provide enhanced security for your users and in the context of modern web vulnerabilities, are totally relevant and obviously worth the many tens of thousands of dollars that Finjan charges for licensing and support.
To ensure that all web sites are thoroughly tested to ensure that they belong only to “highly trusted domains” such as yahoo.com it is recommended that users install Finjan’s SecureBrowsing product. SecureBrowsing does not actually check to see if a web site belongs to a highly trusted domain such as yahoo.com, but it does actually inspect some of the content in transit to ensure that only highly trusted domains such as yahoo.com are allowed to install components silently into the browser or take advantage of client vulnerabilities to execute arbitrary code on the user’s desktop. When used in conjunction with the Finjan total security suite of products, including Finjan’s server-based web-filtering product and Finjan’s server and desktop email malware badware and anti-virus filter scanning products and Finjan’s Instant Messaging to Highly Trusted Domains Like Yahoo.com Only Desktop filtering product, the user can be guaranteed near real-time protection from the most popular and widely reported malicious DNS host names. Security of the Web 2.0 is still somewhat dependent on whether hackers can take over unused IP Addresses in Highly Trusted domains - such as yahoo.com - but rest assured that Finjan webgineers are working around the clock to combat these new threats to your information assets.
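The filtering weakness the quoted article describes (a foreign hostname inheriting trust because it resolves into a trusted organisation's address space) can be shown side by side with a check that binds name and address to the same owner. This is an added example, not code from Finjan or from the original post; the organisation table, the `.example` hostnames, the documentation IP ranges and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed data: documentation address ranges and .example names only.
TRUSTED_ORGS = {
    "trusted-portal": {
        "netblocks": [ipaddress.ip_network("198.51.100.0/24")],
        "domains": ["trusted-portal.example"],
    },
}
# Stand-in for DNS answers so the example runs offline.
RESOLUTIONS = {
    "www.trusted-portal.example": "198.51.100.10",
    "analytics-lookalike.example": "198.51.100.77",  # unused IP in the trusted block
    "mail.trusted-portal.example": "192.0.2.99",     # trusted name, foreign address
    "shop.unrelated.example": "192.0.2.55",
}

def owner_of_ip(ip):
    """Return the trusted organisation whose netblock contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for org, info in TRUSTED_ORGS.items():
        if any(addr in net for net in info["netblocks"]):
            return org
    return None

def owner_of_name(hostname):
    """Return the trusted organisation whose domain covers hostname, or None."""
    host = hostname.lower().rstrip(".")
    for org, info in TRUSTED_ORGS.items():
        if any(host == d or host.endswith("." + d) for d in info["domains"]):
            return org
    return None

def ip_only_verdict(hostname):
    """Weak policy: trust the destination purely by who owns the resolved IP."""
    return "allow" if owner_of_ip(RESOLUTIONS[hostname]) else "inspect"

def bound_verdict(hostname):
    """Hardened policy: name and address must belong to the same owner."""
    ip_org = owner_of_ip(RESOLUTIONS[hostname])
    name_org = owner_of_name(hostname)
    if ip_org == name_org:
        # Both trusted and matching, or both unknown (normal content inspection).
        return "allow" if ip_org else "inspect"
    # Foreign name inside a trusted netblock, or trusted name outside it.
    return "alert"
```

An `alert` verdict is a detection signal worth logging on its own: a hostname outside the organisation's domains pointing into its address space is exactly the mismatch the IP-only policy cannot see.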