Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

Abstract

We study and document an important development in how attackers are using Internet resources: the creation of malicious DNS resolution paths. In this growing form of attack, victims are forced to use rogue DNS servers for all resolution. To document the rise of this "second secret authority" on the Internet, we studied instances of aberrant DNS resolution on a university campus. We found dozens of viruses that corrupt resolution paths, and noted that hundreds of URLs discovered per week performed drive-by alterations of host DNS settings.

Citation: Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority, David Dagon, Chris Lee, Wenke Lee, Niels Provos, Proc. 15th Network and Distributed System Security Symposium (NDSS), 2008.

See also other publications by Googlers.