Finjan warns of hackers abusing trusted domain names

Internet Business News,  Nov 16, 2007  

• E-mail
• Print
• Link

INTERNET BUSINESS NEWS-(C)1995-2007 M2 COMMUNICATIONS LTD

Web security solutions provider Finjan Inc announced on Thursday (15 November) that hackers and cyber-criminals are exploiting a loophole in the domain name registration process to infect visitors to legitimate websites and increase the life cycle of cyber-attacks.

According to the company, attacks using this method typically involve a 'copycat' domain name that is highly similar in spelling to the domains of legitimate sites. The similarity to frequently used domain names means that these attacks can go unnoticed by webmasters and security solution providers.

The abuse of trusted domain names was spotted during October 2007 by Finjan's Malicious Code Research Center (MCRC) when searching for popular services with a slight change of the top level domain. When the MCRC investigated the site, it was found that it took advantage of a domain name similar to a legitimate popular service, and contained malicious code that was designed to download and execute a Trojan on the visitor's machine.

When the company researched where the domain name hosting the malicious site was located, it found out that the code was located on a trusted controlled IP address. Finjan contacted the security team of that domain and was notified that the necessary action had been taken. A subsequent check showed that the malicious code is no longer available on the hosting servers.

In order to protect users from such web threats, businesses should adopt real-time inspection technologies that analyze each piece of web content regardless of its URL or IP address, Finjan said.

((Comments on this story may be sent to info@m2.com))

COPYRIGHT 2007 M2 Communications Ltd.
COPYRIGHT 2008 Gale, Cengage Learning