DNS

Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that the system was sending Valve a list of all the domains that a system has visited whenever a protected game was played.

Distributed denial-of-service (DDoS) attacks have scaled up in the past year, according to Arbor Networks' latest Infrastructure Security Report (PDF), and many attackers are learning from each other to meet their objectives.

Those surveyed in the study, around 220 operational security professionals, reported that DDoS attacks are the number one threat against their infrastructure.

NirSoft has announced the public availability of DNSQuerySniffer, a tiny (130KB, including a Help file) network sniffer which detects and displays your DNS traffic.

If you think this sounds just a little technical, then you’re right, but the program does have some interesting applications. Malware will often use DNS traffic to communicate with its operators, for instance, and so taking a closer look at your own system may reveal the signs of an infection (a large number of failed lookups to domains you don’t recognize, say).

Although this week's large-scale DDoS attack against Spamhaus may not have been as crippling as early reports suggested, they were noteworthy in that they shined spotlights on a couple of the Internet's many underlying weaknesses.

Among them are open DNS resolvers, which enable a technique called DNS amplification wherein attackers bombard target servers with as much as 100 bytes of network-clogging traffic for every one byte they send out.

Monday, 9 July, was supposed to be 'Internet Doomsday' when the US' Federal Bureau of Investigation (FBI) was to shut down servers associated with the DNSChanger malware. As a result, computers infected with this threat were to be cut off from the Internet.

US authorities have officially cut off servers in New York put in place to direct internet traffic for computers infected with the DNSChanger malware.

But concerns around a potential internet blackout for an estimated 211,000 computers still believed to be infected at the time of the shut down were ultimately unfounded. Approximately 6000 Australian internet subscribers faced a similar fate locally, with the majority sourced to Telstra connections.

This coming Monday, 9 July, the FBI will be turning off the DNS server which currently intercepts queries from DNSChanger victims. This will mean that users who are infected with the malware will be almost completely unable to access the internet normally. Users are therefore advised to check whether their computers or routers use one of the FBI-listed IP addresses for DNS queries, well before the server shutdown, by visiting dnschanger.eu or dns-ok.us.

Users who want to check their configuration manually need to look out for the following IP address ranges:

Manipulating the internet's domain-name system (DNS) to reduce the impact of criminal malware DNSChanger has proved successful. Extending the technique to deal with other matters, however, represents the thin end of a wedge, according to DNS pioneer Dr Paul Vixie.

The FBI said that in 2007, DNSChanger infected 4 million computers worldwide, altering their settings so that they used DNS servers provided by the criminals, which allowed them to redirect the users to fraudulent websites.

The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 yesterday.

There are many channels that attackers use for communicating with their botnets, ranging from traditional ones like TCP, IRC and HTTP to more unusual ones like Twitter feeds, Facebook walls and even YouTube comments.