Hackers abusing trusted domain names says Finjan

Finjan has reported that hackers and other interested parties are registering domain names that are close to, or variants on, major Web portals such as eBay, Facetime, Google and the like, and then using these pages to infect Netters' PCs with all sorts of malware.

The registration of copycat domain names is nothing new, of course, but the use of copycat sites to infect punters' PCs is.

The problem was first spotted by Finjan's MRC - Malicious Code Research Center - last month, when its researchers slightly changed the top-level domain name of a well-known Google site.

The problem appears to stem, says Finjan, from the fact that domain name registrations are not policed, meaning that hackers and other interested parties can register a domain name that is extremely close to, or a variant of, almost any legitimate site.

Finjan's research suggests the problem is quite widespread, with more than 1,400 variants on the Google domain name and 3,300-plus variants on the eBay domain name having been discovered.
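Lookalike registrations of this kind can be spotted on the defender's side by comparing hostnames seen in proxy or DNS logs against a list of domains worth protecting. The following is an added example, not code from Finjan or from the original article; the protected list, the sample hostnames and all function names are assumptions made for illustration.

```python
# Added example: flag observed hostnames that imitate a protected domain.
PROTECTED = ["google.com", "ebay.com"]          # brands named in the article
SAMPLE_HOSTS = ["www.google.com", "google.example", "gooogle.example",  # constructed
                "ebya.example", "ebay-secure.example", "intranet.example"]

def split_domain(host):
    """Return (label, tld). Simplification: last label is the TLD, so
    multi-part suffixes such as co.uk are not handled (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, protected=PROTECTED):
    """Return (verdict, matched protected domain or None) for one hostname."""
    label, tld = split_domain(host)
    pairs = [(dom, split_domain(dom)) for dom in protected]
    for dom, known in pairs:
        if (label, tld) == known:
            return "legitimate", dom
    for dom, (p_label, _) in pairs:
        if label == p_label:
            return "tld-variant", dom       # same name, different TLD
        if edit_distance(label, p_label) == 1:
            return "near-miss", dom         # one typo away
        if p_label in label:
            return "embeds-brand", dom      # brand inside a longer label
    return "unrelated", None

def flag_lookalikes(hosts, protected=PROTECTED):
    """Return (host, verdict, protected_domain) for every suspicious hostname."""
    results = [(h, *classify(h, protected)) for h in hosts]
    return [r for r in results if r[1] not in ("legitimate", "unrelated")]

if __name__ == "__main__":
    for row in flag_lookalikes(SAMPLE_HOSTS):
        print(*row)
```

A verdict here only means the name resembles a protected one; whether the site behind it serves malware still has to be established by inspecting its content.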

The problem is blurred, of course, by the fact that some ISPs now intercept domain-name-not-found reports and route them to their own fuzzy logic search routines - with advertising - in a bid to capture extra Web traffic.

Because of the issue, Finjan is advising Netters to use pro-active Web security software on their machines, as well as using real-time content inspection technology that analyses each and every piece of Web content in real-time, regardless of its original source, domain name or the way it looks.

This all means that conventional AV and URL filtering software is not enough and that integrated packages such as McAfee Security Center and Zone Labs Security Suite are the best form of protection.

The fact that these apps are bloatware and hog system resources, of course, is another matter...