[dns-operations] Trend/ISC DNS Changer takedown.

Paul Wouters paul at xelerance.com
Fri Nov 11 14:14:11 UTC 2011


On Fri, 11 Nov 2011, Peter Koch wrote:

>>> <http://krebsonsecurity.com/2011/11/malware-click-fraud-kingpins-arrested-in-estonia/>
>
> impressive.
>
>> Anyone left who thinks DNSSEC should not be running on each device node?
>
> Interesting question but I fail to see the connect to the story above.
> Any malware that intercepts "at a very low level" to redirect DNS queries
> can safely be assumed to bring the ability to change trust anchor
> information at the same time.

Some malware installed on the compromised machines would then probe and
attempt to hack the local DHCP server and its DNS options. This would
lead to a DNS compromise on the network level for everyone, instead
of just the one infected computer.

Additionally, there are the large-scale Brazil compromises where ISP
operators rewrote the ISP cache to redirect users. With that story
broken publicly, one wonders how many more lowly paid ISP DNS admins
are out there thinking about changing the cache to up their salaries.

Paul


