"Mendacious machines controlled by hackers that reroute Internet
traffic from infected computers to fraudulent Web sites are
increasingly being used to launch attacks, according to a paper
published this week by researchers with the Georgia Institute of
Technology and Google Inc.
The paper estimates roughly 68,000 servers on the Internet are
returning malicious Domain Name System results, which means people with
compromised computers are sometimes being directed to the wrong Web
sites — and often have no idea.
The peer-reviewed paper, which offers one of the broadest
measurements yet of the number of rogue DNS servers, was presented at
the Internet Society's Network and Distributed System Security
Symposium in San Diego.
The fraud works like this: When a user with an affected
computer tries to go to, for example, Google's Web site, they are
redirected to a spoof site loaded with malicious code or to a wall of
ads whose profits flow back to the hackers.
The hackers who hijack DNS queries are looking to steal
personal information, from e-mail login credentials to credit data, and
take over infected machines.
The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos."
Article Link: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/02/13/financial/f160437S91.DTL&feed=rss.business
