Spike in malware during first half of 2008, study finds
Impending disclosure of DNS flaw promises even more pain
By Tom Jowitt, Techworld | Published 07:30, 18 July 08
Besides the SQL injection attacks, ScanSafe also found that password stealers and backdoor Trojans are the most commonly blocked malware. This category of malware increased from 4 percent of malware in January to 27 percent in June.
And according to Landesman, things could be about to get a lot worse.
"It is already bad," she told Techworld, "but we have seen from a study we carried out in May 2007 and then again in May 2008, that the number of DNS exploits has increased 1392 percent since May 2007."
"But we are still talking about relatively small numbers, so this was put on our watch list," she said. "However, a number of things have occurred since May that give me cause for greater concern," she added, pointing to the mass DNS patch of last week across a huge section of the industry.
She is especially worried about the 20-year-old DNS vulnerability that has been discovered by Dan Kaminsky, and which he will make public in August.
"Once details of that vulnerability are released, there will be huge interest in the attack community to exploit it," said Landesman. "Industry concern is huge at the moment. A user could open their browser, type in 'www.google.com', and then trust the website that they are directed to."
"But if a user's DNS is poisoned, the site may look identical to Google but every link could be to fraudulent sites," she warned. "If the DNS is poisoned, and you try to log onto your bank account, it could direct you to a look-alike site, and then as you try to log in, it sends the password details to the real site, and your attacker can now log onto your bank account."
Landesman does not believe that Kaminsky's DNS vulnerability discovery is a publicity stunt. "He entrusted two others who criticised him to take a look at the vulnerability. They did and then they both posted retractions and said it was a very serious flaw."
Landesman feels that while the raw number of these attacks has increased hugely, it is still low, but that this will change after August.
"If you own someone's DNS, you own everything they do online," she warned. "After the DNS disclosure it may be a very dark time. The clock is ticking for IT administrators to secure their networks."
"We strongly encourage them to consider their web security as a primary focus," she said. "They should assess their web security, and take steps to ensure that users, when browsing the web, are not serving as a conveyor belt of malware exploits."











