Finjan Inc, a leader in secure web gateway products, has announced that hackers and cybercriminals are exploiting a loophole in the domain name registration process to infect visitors to legitimate websites and increase the life cycle of cyber-attacks. Attacks using this method typically involve a copycat domain name that is strikingly similar in spelling to the domains of legitimate sites. Leveraging the similarity to legitimate and frequently used domain names enables these attacks to go unnoticed by webmasters and security solution providers. The abuse of trusted domain names attack vector was spotted during October by Finjan's Malicious Code Research Center (MCRC) when searching for popular services with a slight change of the top level domain. When Finjan's MCRC investigated http://go*gle-stat******. org (where * has obscured some of the characters of the domain) it was found that it took advantage of a domain name similar to a legitimate popular service, which contains malicious code that is designed to download and execute a Trojan on the visitor's machine. The malicious code itself is located on the abused domain name.
展开▼
机译:安全Web网关产品的领导者Finjan Inc宣布,黑客和网络犯罪分子正在利用域名注册过程中的漏洞来感染合法网站的访问者,并延长网络攻击的生命周期。使用此方法进行的攻击通常涉及一个模仿域名,其拼写与合法站点的域名非常相似。利用与合法和经常使用的域名的相似性,网站管理员和安全解决方案提供商不会注意到这些攻击。 Finjan的恶意代码研究中心(MCRC)在十月份搜索顶级域名的细微变化的流行服务时发现了滥用受信任域名攻击媒介的情况。 Finjan的MCRC调查http:// go * gle-stat ******时。 org(其中*掩盖了该域的某些字符),发现该域名利用了类似于合法流行服务的域名,该域名包含旨在在访问者计算机上下载并执行Trojan的恶意代码。恶意代码本身位于滥用的域名上。
展开▼
