Finjan Inc., a leader in secure web gateway products, today announced that hackers and cyber-criminals are exploiting a loophole in the domain name registration process to infect visitors to legitimate websites and increase the life cycle of cyber-attacks. Attacks using this method typically involve a “copycat” domain name that is strikingly similar in spelling to the domains of legitimate sites. Leveraging the similarity to legitimate and frequently used domain names enables these attacks to go unnoticed by webmasters and security solution providers.
This attack vector, the abuse of trusted domain names, was spotted during October by Finjan’s Malicious Code Research Center (MCRC) while searching for popular services with a slight change of the top-level domain. When Finjan’s MCRC investigated http://go*gle-stat******.org (where * obscures some of the characters of the domain), it found that the site took advantage of a domain name similar to that of a legitimate popular service and contained malicious code designed to download and execute a Trojan on the visitor’s machine. The malicious code itself is located on the abused domain name. For more details, download the October 2007 Malicious Page of the Month Report:
http://www.finjan.com/Pressrelease.a...Lan=1230&lan=3