PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Sunday, August 06, 2006 10:37 AM PT Posted by Erik Larkin

How to Keep a Phish Alive

Here's another example, this one out of Defcon here in Vegas, of how phishers and other online criminals work to stay one step ahead of the good guys. To get around attempts to shut down their phishing sites, the bad guys are using a trick with the domain name service, or DNS, that translates human-readable names like www.google.com into the IP addresses that computers use to find their way around on the Internet. DNS is a must-have; the Internet couldn't function without it.

But the crooks are using an otherwise useful, and often free, service called dynamic DNS to keep phishing sites alive. The service lets anyone who signs up for an account link a name to a changing IP address, which is good for things like using a webcam at home.

Problem is, when a phishing site is found and shut down, phishers using dynamic DNS can just start another one at a new IP address and keep the same name. So all those email links pointing to http://stealyourmoney.phishing.com will still work.

I found out about this one at a talk from Gadi Evron, who works for an Israeli security company. He says botnet controllers use the same trick to keep the command-and-control centers for their botnets. Used to be that the control servers were a good target, because if you shut them down the botnet was effectively dead in the water. But dynamic DNS allows the same continuous cat-and-mouse game here too.

The people running dynamic DNS fight the criminals, of course, but it's an ongoing battle that for the moment (at least according to Evron) gives the bad guys the advantage. Yet another reason why phishing won't be going away any time soon.
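
The pattern described above, a name that stays put while its IP address keeps moving, is something defenders can look for in passive DNS logs. The sketch below is an added example, not code from Evron's talk or from PC World; the record layout, the thresholds, and the sample names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed passive-DNS observations: (time seen, queried name, A record, TTL).
# Names and addresses are documentation/example values, not real indicators.
SAMPLE = [
    ("2006-08-01T09:00", "login.dyn.example", "192.0.2.10", 60),
    ("2006-08-02T11:30", "login.dyn.example", "198.51.100.7", 60),
    ("2006-08-03T08:15", "login.dyn.example", "203.0.113.44", 60),
    ("2006-08-01T09:00", "webcam.dyn.example", "192.0.2.80", 60),
    ("2006-08-03T09:00", "webcam.dyn.example", "192.0.2.93", 60),
    ("2006-08-01T09:00", "www.shop.example", "198.51.100.20", 86400),
    ("2006-08-03T09:00", "www.shop.example", "198.51.100.20", 86400),
]

def network_of(ip, prefix=24):
    """Collapse an address to its enclosing network so moves inside one
    provider's pool (a home line getting a new lease) count only once."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def flag_repointed_names(records, window=timedelta(days=7),
                         min_networks=3, max_ttl=300):
    """Return {name: [networks]} for short-TTL names that resolved into at
    least min_networks distinct networks within the time window."""
    seen = defaultdict(list)
    for ts, name, ip, ttl in records:
        if ttl <= max_ttl:  # long-TTL names are not being re-pointed quickly
            key = name.lower().rstrip(".")
            seen[key].append((datetime.fromisoformat(ts), network_of(ip)))
    flagged = {}
    for name, obs in seen.items():
        obs.sort(key=lambda o: o[0])
        start = 0
        for end in range(len(obs)):
            # Slide the window so only observations close in time are compared.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            nets = {net for _, net in obs[start:end + 1]}
            if len(nets) >= min_networks:
                flagged[name] = sorted(str(n) for n in nets)
                break
    return flagged

if __name__ == "__main__":
    for name, nets in flag_repointed_names(SAMPLE).items():
        print(name, "->", ", ".join(nets))
```

The home webcam name is not flagged because its addresses stay inside one network; only the name that hops between unrelated networks is reported, which is the case worth handing to the dynamic DNS provider's abuse desk.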
Comments

OK, then just register the domain name the phishers had, and keep it out of circulation. This can be that hard to do...

jdmaddison
August 09, 2006
8:14 AM PT

You can't register a name that's already in use. That's the point, the domain name stays the same throughout the entire process, but the underlying IP address changes.

gigaspork
August 09, 2006
12:40 PM PT

But, if the people running dynamic DNS "confiscated" the phish-name, so it shows up as being owned (the crooks cannot just re-register it), but it can't be controlled by the crooks, wouldn't that solve this part of the problem?

angelsix
August 10, 2006
2:25 PM PT