The misdirection of “open-recursive” DNS servers, which facilitate web-surfing by translating verbal domain names into numerical IP addresses, is the new, more covert face of cyber-criminality, and could explode into a new wave of phishing attacks, IDG News reports. Hackers can use these types of DNS servers to redirect a web user to pages of their choosing, regardless of the web address they entered.
DNS server misdirection itself is not new, but attacks are now coordinated with web- or email-based malware, which changes a Windows registry setting so that an individual's computer can only visit DNS servers compromised by the criminals. With that control, they can subtly, perhaps only occasionally send a user to fake sites—such as during an online banking session—or simply hijack their entire Internet experience. (More DNS stories.)