See:
A computer attack that consists of modifying or replacing the domain name
server's file, changing the legitimate IP address of an entity (commonly a
bank), so that when the user types the entity's domain name into the address
bar, the browser automatically redirects the user to another IP address hosting
a fake website that impersonates the legitimate identity of the entity, thereby
illicitly obtaining the access credentials of the entity's customers.
http://www.inteco.es/glossary/Formacion/Glosario/
Maliciously redirects the user to a fake and fraudulent website by exploiting
the DNS system; this is called DNS hijacking or DNS poisoning.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An attack in which an Attacker corrupts an infrastructure service such as DNS
(Domain Name Service) causing the Subscriber to be misdirected to a forged
Verifier/RP, which could cause the Subscriber to reveal sensitive information,
download harmful software or contribute to a fraudulent act.
[NIST-SP800-63:2013]
A form of domain name spoofing that results in users believing they are on a
genuine site with the correct URL only to be diverted to a scam site.
http://www.enisa.europa.eu/
An exploit in which criminals disrupt the normal functioning of DNS software
which translates Internet domain names into addresses. The user enters a
correct address but is redirected to a fake website.
http://www.getsafeonline.org/
This is a more sophisticated form of MITM attack. A user's session is
redirected to a masquerading website. This can be achieved by corrupting a DNS
server on the Internet and pointing a URL to the masquerading website's IP.
Almost all users use a URL like www.worldbank.com instead of the real IP
(192.86.99.140) of the website. By changing the pointers on a DNS server, the
URL can be redirected to send traffic to the IP of the pseudo website. At the
pseudo website, transactions can be mimicked and information like login
credentials can be gathered. With this the attacker can access the real
www.worldbank.com site and conduct transactions using the credentials of a
valid user on that website.
http://www.sans.org/security-resources/glossary-of-terms/
A type of phishing attack that involves "DNS poisoning" - malicious code that
alters victims' Domain Name Server (DNS), so that they are automatically
directed to a fraudulent website when they type in the address of a legitimate
site. Pharming attacks are much more difficult to detect than traditional
phishing attacks, since victims will still see the URL of the legitimate
website when they are actually at the fraudulent site. However, it is also an
extremely complicated attack technique, and security experts have noted few
examples of it "in the wild."
A pharming attack occurs when the victim is fooled into entering sensitive data
into supposedly trusted locations, such as an online bank site or a trading
platform. An attacker can impersonate these supposedly trusted sites and have
the victim be directed to his site rather than the originally intended one.
Pharming does not require script injection or clicking on malicious links for
the attack to succeed.
Attack Execution Flow
· Attacker sets up a system mocking the one trusted by the users. This is
  usually a website that requires or handles sensitive information.
· The attacker then poisons the resolver for the targeted site. This is
  achieved by poisoning the DNS server, or the local hosts file, that directs
  the user to the original website.
· When the victim requests the URL for the site, the poisoned records direct
  the victim to the attacker's system rather than the original one.
· Because of the identical nature of the original site and the attacker
  controlled one, and the fact that the URL is still the original one, the
  victim trusts the website reached and the attacker can now "farm" sensitive
  information such as credentials or account numbers.
Attack Pattern 89
http://capec.mitre.org/data/index.html
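A defender-side check for the local hosts file variant of the poisoning step in the attack execution flow above, as an added example that is not part of CAPEC or any of the quoted glossaries: it flags hosts-file entries that pin a watched name, or a subdomain of it, to a fixed address. The watchlist, the sample file contents and the function name audit_hosts are constructed for illustration, and the check assumes that watched public names should only ever be resolved through DNS.

```python
import ipaddress

# Constructed watchlist (assumption): names that should never appear in a hosts file.
# www.worldbank.com is the name used in the glossary text; bank.example is made up.
WATCHED = {"www.worldbank.com", "bank.example"}

# Constructed sample hosts file content, not taken from a real system.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.9 www.worldbank.com   (commented out, ignored)
203.0.113.7 WWW.WorldBank.com. intranet.example  # trailing comment
0.0.0.0     ads.example
198.51.100.4 login.bank.example
not-an-ip   bank.example
"""


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for each entry that pins a watched name."""
    findings = []
    watched = {w.lower().rstrip(".") for w in watched}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop comments, then split into "address name [alias ...]".
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an address, so the line maps nothing
        for name in entry[1:]:
            # Hostnames are case-insensitive and may carry a trailing root dot.
            host = name.lower().rstrip(".")
            if any(host == w or host.endswith("." + w) for w in watched):
                findings.append((line_no, str(ip), host))
    return findings


if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

This covers only the hosts-file path; a poisoned DNS server leaves the local file untouched and has to be detected at the resolver.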