Phishing in Fast Flux
Phishers are deploying more sophisticated methods of sustaining their malicious sites
October 4, 2007
12:43 PM -- Phishing has been around in various forms for well over a decade, but it's achieved a level of sophistication beyond the simple email scam that we've all come to know and loathe. One such innovative tactic for phishing is fast-flux DNS.
One of the big problems in the hacking industry is survivability: How do you create a virus/worm/phishing site that will last? It's hardest with phishing, because if the site goes offline, the phisher can no longer get new accounts.
Fast-flux DNS is commonly used in benign business continuity applications -- if one site goes offline, you can send your traffic elsewhere. Fast-flux DNS allows you to point your DNS to multiple sites, so that when one goes offline, the others are used.
Phishers test different techniques and scenarios to see how effective they are, and in some of these tests, phishers have begun using fast-flux DNS to preserve the survivability of their own domains. Because it's much harder to get registrars to de-commission a phishing domain than it is to tell an ISP to take a machine offline, fast-flux DNS is more effective. Suddenly, a single domain may survive weeks or months, whereas before it could have survived just a few hours or days.
That's why a multi-pronged approach is necessary to protect users from phishing exploits. The browsing community has implemented anti-phishing filters to help protect consumers from entering their information on phishing sites that do end up surviving. If a user doesn't subscribe to an anti-phishing filter, he or she is taking a risk. The use of fast-flux DNS by phishers may still be rare now, but eventually it will be a viable risk-mitigation technique for phishers looking to solve their malevolent business continuity problems.
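A defender-side check for the address rotation described above, as an added example that is not part of the original article: it profiles how much a domain's A records change between passive-DNS observation windows. The record format, the /16 grouping, the TTL signal and every threshold are assumptions of this example, and the sample data is constructed.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed passive-DNS rows: (hour, domain, A record, TTL in seconds).
# Addresses are from documentation/private ranges, not real indicators.
OBSERVATIONS = [
    (0, "shop.example", "192.0.2.10", 3600),
    (0, "shop.example", "192.0.2.11", 3600),
    (1, "shop.example", "192.0.2.10", 3600),
    (1, "shop.example", "192.0.2.11", 3600),
    (0, "login-bank.example", "10.1.4.7", 180),
    (0, "login-bank.example", "172.16.9.20", 180),
    (1, "login-bank.example", "10.200.3.5", 180),
    (1, "login-bank.example", "192.168.77.2", 180),
    (2, "login-bank.example", "172.31.8.44", 180),
    (2, "login-bank.example", "10.77.1.9", 180),
]

def flux_profile(observations):
    """Summarise per-domain answer churn across observation windows."""
    by_domain = defaultdict(lambda: defaultdict(set))
    ttls = defaultdict(list)
    for hour, domain, ip, ttl in observations:
        by_domain[domain][hour].add(ip)
        ttls[domain].append(ttl)
    profiles = {}
    for domain, windows in by_domain.items():
        ordered = [windows[h] for h in sorted(windows)]
        all_ips = set().union(*ordered)
        # /16 prefix is a coarse offline stand-in for "different networks".
        nets = {ip_network(f"{ip}/16", strict=False) for ip in all_ips}
        # Share of each window's answers that the previous window lacked.
        churn = [len(cur - prev) / len(cur) for prev, cur in zip(ordered, ordered[1:])]
        profiles[domain] = {
            "ips": len(all_ips),
            "networks": len(nets),
            "churn": sum(churn) / len(churn) if churn else 0.0,
            "median_ttl": median(ttls[domain]),
        }
    return profiles

def looks_fast_flux(p, min_ips=5, min_networks=3, min_churn=0.5, max_ttl=300):
    """Assumed thresholds; tune them against your own resolver logs."""
    return (p["ips"] >= min_ips and p["networks"] >= min_networks
            and p["churn"] >= min_churn and p["median_ttl"] <= max_ttl)

if __name__ == "__main__":
    for domain, p in flux_profile(OBSERVATIONS).items():
        print(domain, p, "FLAG" if looks_fast_flux(p) else "ok")
```

Legitimate load-balanced and CDN-hosted names also return several changing addresses, so a flag from this profile is a lead for review, not a verdict.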