Tuesday, December 9, 2008

DNS Changer Learns a New Trick

SANS, Symantec, McAfee and others have reported on a new trick that malware is using to redirect unsuspecting users from authentic web destinations--the name we type into the browser address bar or pick from our favorites--to a web server operated by the Bad Guys. These guys can set up web sites that look just like the real Citibank or Wachovia but are designed to steal our user ID and password or transfer money out of our account.

The trickiest part of the new trick is that we can follow all of the best security advice and still be susceptible. If one user on a Wi-Fi network is infected with this new DNS Changer, all users who connect to that network can have their DNS settings changed by the one infected computer. So that guy who is halfway through his latte when you sit down in the coffee shop and open your laptop could be a threat to you, even if you are super careful about the websites you visit and the security software you have installed.

How?
DNS is the Internet-wide system that translates names like "online.mybank.com" into the numerical address our computers need to actually connect to MyBank. If the Bad Guys control your DNS, they control where your web browser really goes when you think it is going to PayPal.

Every time we open our laptop and connect to a new network, a router on that network sends down settings that let us connect (pay!) and get out on the Internet. The new DNS Changer trick is this: a computer infected with this DNS Changer variant will listen for new computers requesting a connection on the same network (the same coffee shop) and try to answer with Bad Guy settings before the "official" router can send them the "official" settings.

As fundamental as DNS is to the operation of the World Wide Web, it's amazingly susceptible to compromise. This new DNS Changer behavior capitalizes on the vulnerability of DNS settings, and it (1) leaves no traces and (2) doesn't require your computer to be infected with anything that your antivirus software will complain about.
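The race described above plays out in DHCP, the protocol a network uses to hand out those connection settings (the post does not name it). As an added example, not code from the original post, here is a passive check that parses DHCP replies and flags answers from an unexpected server, DNS servers outside an allowlist, and two servers answering the same request. The addresses, allowlists and function names are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_reply(pkt):
    """Extract transaction id, message type, server id and DNS list from a DHCP reply."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP reply")
    info = {"xid": struct.unpack("!I", pkt[4:8])[0], "type": None, "server": None, "dns": []}
    i = 240
    while i < len(pkt) and pkt[i] != 255:       # option 255 ends the list
        if pkt[i] == 0:                         # option 0 is padding, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and len(val) == 1:        # message type: 2 = OFFER, 5 = ACK
            info["type"] = val[0]
        elif code == 54 and len(val) == 4:      # server identifier
            info["server"] = str(IPv4Address(val))
        elif code == 6 and len(val) % 4 == 0:   # DNS servers handed to the client
            info["dns"] = [str(IPv4Address(val[j:j + 4])) for j in range(0, len(val), 4)]
        i += 2 + len(val)
    return info

def find_rogue_replies(packets, trusted_servers, trusted_dns):
    """Flag unknown servers, untrusted DNS, and several servers answering one request."""
    alerts, responders = [], {}
    replies = (r for r in map(parse_reply, packets) if r["type"] in (2, 5))  # OFFER/ACK only
    for r in replies:
        responders.setdefault(r["xid"], set()).add(r["server"])
        if r["server"] not in trusted_servers:
            alerts.append((r["xid"], r["server"], "unknown DHCP server"))
        alerts += [(r["xid"], r["server"], "untrusted DNS " + d)
                   for d in r["dns"] if d not in trusted_dns]
    for xid, servers in responders.items():
        if len(servers) > 1:
            alerts.append((xid, None, "competing replies from " + ", ".join(sorted(servers))))
    return alerts

def build_reply(xid, server, dns, msg_type=2):  # constructed demo packet, not captured traffic
    opts = bytes([53, 1, msg_type, 54, 4]) + IPv4Address(server).packed
    opts += bytes([6, 4 * len(dns)]) + b"".join(IPv4Address(d).packed for d in dns)
    return struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228) + MAGIC + opts + b"\xff"

# Constructed sample: an infected laptop and the real router both answer request 0x1234.
SAMPLE = [build_reply(0x1234, "192.168.1.66", ["203.0.113.10", "203.0.113.11"]),
          build_reply(0x1234, "192.168.1.1", ["192.168.1.1"])]
```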

Now What?
This is why we invented SafeCentral. SafeCentral includes a unique Secure DNS feature that protects against DNS Changer and other threats. SafeCentral uses its own DNS. It uses Authentium's Secure DNS servers and it does so through an encrypted (HTTPS) connection.

So even if we connect to a Wi-Fi hotspot that is hosting an infected computer, we can happily browse the web, bank and shop safely.
