Wednesday, July 23, 2008

Hijacking Your DNS

A woman called me recently to inquire about some of my photographic services. We talked for a while and I directed her to my Web site. While we were still on the phone, she tried to go there but got something else...an advertising page with me and other area photographers listed. That wasn't right, so she tried again and got another advertising page, but I wasn't on that page at all.

After some additional conversation and finding out that her son was using the computer to download music files from illegal sites, I was pretty sure that her computer was infected with a great deal of malware, one or more of which changed her DNS settings to take her to another DNS server.

Just to remind you, a DNS server (DNS stands for Directory of Names Services) is where you are first taken when you type in a Web site address, like www.corkrum.com. The DNS server finds the IP address for that particular Web site and then forwards your request to it. It's a translator of sorts, so you don't have to remember those long IP address numbers.

DNS servers are located all around the world. When you signed up with your ISP, you were given a DNS address that is entered either into your computer or into your router. Usually, it is the DNS server used by your ISP. Most people have never changed their DNS settings, although they can. But there are some spyware programs, viruses, and worms that will change your DNS settings without your knowledge. The new DNS server that you are unknowingly using will take you anywhere it wants in order to accomplish its ends...including fake Web sites designed to steal your personal information.

That is what probably happened to my potential customer...another reason why you need to have your computer protected with anti-spyware and anti-virus software designed to stop anyone who tries to hijack your computer. Also, a little common sense is needed, such as not clicking on links in your e-mail, even if it is from a friend.
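One way to spot the changed-DNS-settings situation described above is to compare the resolvers a machine is actually configured to use against the ones it was originally given. The following is an added example, not part of the original post; it assumes a Linux/macOS-style `resolv.conf` file, and the sample file, the addresses (documentation ranges) and the `EXPECTED` list are all constructed for illustration.

```python
import ipaddress

# Constructed sample: a resolver file after tampering.
# 192.0.2.53 and 198.51.100.7 are documentation-range addresses, not real servers.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 198.51.100.7   # not one we were given
nameserver 192.0.2.53
nameserver fe80::1%eth0
nameserver not-an-ip
options timeout:2
"""

# Assumption: the resolvers your ISP or router handed out, written down
# while the machine was known to be clean.
EXPECTED = {"192.0.2.53", "fe80::1"}


def configured_nameservers(text):
    """Return (valid, malformed) nameserver entries from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Strip comments, which may start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop IPv6 zone id such as %eth0
        try:
            valid.append(str(ipaddress.ip_address(addr)))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit(text, expected):
    """Report resolvers that are configured but were never expected."""
    valid, malformed = configured_nameservers(text)
    allowed = {str(ipaddress.ip_address(a)) for a in expected}
    return {
        "unexpected": [a for a in valid if a not in allowed],
        "malformed": malformed,
        # The first entry is the one queried first, so it matters most.
        "first_resolver_ok": bool(valid) and valid[0] in allowed,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, EXPECTED))
```

On a real machine, pass the contents of `/etc/resolv.conf` in place of the sample; an entry under `unexpected` is a reason to check both the computer and the router settings.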

But there is another story about DNS hijacking that has made the tech news headlines quite recently. A well-known expert in Internet security, Dan Kaminsky, discovered a huge security flaw in the current 20-year-old DNS system. Because of the possible ramifications of such a discovery, this flaw was kept under extremely tight security wraps until it could be fixed. Dan wrote a fix for it, then sent it out secretly to every DNS hosting service.

The problem is that not all DNS hosts have run the update. And, of course, now it is no longer a secret so some bad guys may be writing malware to hijack unpatched DNS servers. You have no control over this process as the DNS server itself would be hijacked, not your computer.

Fortunately, Kaminsky has a Web site where you can check to see if your particular DNS server has been fixed. Go over to http://www.doxpara.com and click a button to see if your DNS server is safe. You can also read Kaminsky's blog to learn more about his research, although he will not reveal the technical details until July 24th at a major tech conference.

In my next blog, I will talk about an alternate DNS site you should be using for even greater security that will stop you from going to phishing sites, pornography sites and other bad places. Stay tuned.
