Cybercrime

Cybercrime / News Briefs

Anti-DNS Google Desktop Attack Reported

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

...Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security. more

Researchers Say Attackers Can Hit Home Routers

If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.

...In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up websites from a DNS server of their choosing. more

Attack Seriously Slows Two Internet Root Servers

Online attackers have briefly disrupted service on at least two of the 13 "root" servers that are used to direct traffic on the Internet.

The attack, which began Tuesday at about 5:30 a.m. Eastern time, was the most significant attack against the root servers since an October 2002 distributed denial of service (DDOS) attack, said Ben Petro, senior vice president of services with Internet service provider Neustar Inc. more

Phishing Attacks Surpass Viruses and Trojans

Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.

...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs. more

Legal Attack on ARIN Dismissed in Court

The American Registry for Internet Numbers (ARIN) has announced [PDF] that it has prevailed in a lawsuit that challenged ARIN's ability to allocate Internet Protocol (IP) number resources fairly. The lawsuit was brought by an individual - Gary Kremen - who sought to have a netblock of IP addresses transferred to him without agreeing to ARIN's standard terms and conditions.

"Today's victory is significant for consumers who rely on the Internet to operate efficiently and effectively," said ARIN President and CEO Raymond Plzak. more

Domain Name Arbitration Disputes on Rise

Internet domain name arbitration disputes have risen by more than a quarter since January 2005 -- despite the expansion of generic top-level domain addresses like .biz and .info -- as cybersquatters find more sophisticated ways of encroaching on legitimate Web sites.

...Typosquatting, a form of cybersquatting that involves capturing another company's Web traffic by registering misspelled versions of a well-known Internet site or brand name, is driving much of the growth in domain-name disputes, according to intellectual property lawyers. more

Microsoft Launches New Offensive Against Cybersquatters

Microsoft on Tuesday launched a new offensive against cybersquatters who allegedly gain illegal profits from thousands of Web sites, such as WindowsLiveTutorial.com and HaloChamp.com, that include the company's trademarked names.

Redmond filed three lawsuits in federal court this week claiming that some Web site operators have registered and operate hundreds of domain names with the sole purpose of reaping "bad faith" profits and in violation of federal and state laws. more

Europe Must Reboot its Fledgling .EU Domain Name

Europe must reboot its fledgling domain name to avoid a system crash, critics say, after alleged missteps allowed cybersquatters to stockpile trademarks for auction.

...Diana Wallis, a British liberal European Parliament member on the body's legal affairs committee, has asked the Commission to give a "full explanation of how the .eu domain allocation has been handled."

"If the scale of the abuse is anything like what appears to have taken place, this will represent a major EU scandal and commissioners will need to be brought to account," she said. more

ICANN Must Clamp Down On Domain Name Abuse

While Congress continues to consider the merits of so-called Net neutrality, an even more soporific but vital Internet legal issue looms, with ramifications for every business online and every user of the World Wide Web: What is the purpose of the database that contains information on every domain name registrant?

This question is being quietly debated by the Internet Corporation for Assigned Names and Numbers (ICANN) -- the Net's keeper of the all-important addressing system -- which is meeting June 26-30 in Marrakech, Morocco.

Today, cybersquatters have rebranded themselves as "domainers," says Doug Isenberg, the author of the article over at CNet News. more

Security Experts Warn VoIP Attacks May Be Just Around the Corner

It's become a familiar pattern in online security. A groundbreaking way to communicate emerges, spreads like wildfire, and then hackers find a way to use it to their advantage. Security companies react--but not before the problem has succeeded in wreaking havoc. It happened with e-mail and is happening now with instant messaging and mobile devices.

The next area that could be targeted: Voice over Internet Protocol, or VoIP, which lets people make low-priced phone calls using the same technology that delivers e-mail. And the results could be just as damaging, if not worse, than with other technologies, some security experts warn.  more

DNS Hackers Target Domain Registrars

Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days. The motive for the separate attacks against VeriSign and Joker.com remains unclear.

VeriSign said the attack on its name servers caused a "brief degradation" in the quality of its service to customers for around 25 minutes on Tuesday afternoon, ComputerWorld reports. Domain registrar Joker.com is recovering from an attack on its name servers last week that lasted for six days up until last Sunday. Joker.com, which is based in Germany, handles the registration of approximately 550,000 domains. more

Cybersquatters Try New Tactics: Soft Squatting

Cybersquatting the domain name of a celebrity and selling it for a king's ransom was one of the great get-rich-quick schemes of the early internet. But since courts now tend to favor the star over the squatter, a new kinder, gentler cybersquatting tactic has emerged.

These days, cybersquatters seek to register a star's domain before that person becomes famous, and then develop a business relationship with the new celebrity, offering website hosting or design work. These so-called soft squatters are registering the domains of hundreds of amateur athletes, musicians and other would-be stars in the hope that one or two of the names will become well-known. more

DNS Servers Do Hackers' Dirty Work

"DNS is now a major vector for DDOS," Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks."

Just as in any DDOS attack, the target system -- which could be a victim's Web server, name server or mail server -- is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by flooding the data connection or by crashing it as it tries to handle the incoming data.  more

Effects of Domain Hijacking Can Linger

Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report.

Design flaws in the way Web browsers and proxy servers store data about Web sites allow malicious hackers to continue directing Web surfers to malicious Web pages for days or even months after the initial domain hijacking. more

New Policy in China Favors Cybersquatters

New regulations will make it more difficult for companies to protect their domain names from cybersquatters in China.

Under the new rules, foreign and local firms will need to prove malicious intent and act quickly to have any hope of retrieving stolen domain names, according to a regulatory official interviewed by Chinese news site Sina. The new rules appear to give a green light to cybersquatters who buy up domain names which are similar to brand names in the hope of selling later for a profit. more