Monday, November 07, 2011

Site redirection to surveys occurs with wrong TLDs on popular sites (as well as phonetic misspellings); Brazil reports DNS cache poisoning crisis, could spread to US?

Today, there was an odd incident trying to access the “Khan Academy” online school, which was reported on CNN last night by Fareed Zakaria.

I found an old link to this site in my May 30 posting on the Bill Boushka blog which, when I clicked on it, apparently took me to an online survey site. (This has been a problem when misspelling Facebook.) I checked again in Firefox and found that today the correct name is khanacademy.org (the misspelling with "kahn" and .org resolves to “rm.910587.kahnacademy.org” but sometimes won’t load and leads to a connection reset -- again, suspicious behavior which should lead a surfer to suspect misspelling).

A Webroot scan subsequent to the accident found multiple spy cookies but no viruses.  
 
If you enter KhanAcademy .com in Mozilla, it resolves to org.  I also found fake entries for the .com version in Facebook.

It now looks like the wrong sites came from misspelling "Khan Academy" (incorrectly) as "Kahn". I also found fake entries for the misspelled .com version in Facebook. (I also corrected the Khan spelling on a May 31 post on my main blog.) It's easy to scramble unpronounced letters in other languages.


Again, it seems that hackers usurp unused TLDs of popular sites, as well as likely misspellings. "Social surveys" usually try to collect personal information and make money by gang-sending cell phone texts, as well as install spy cookies.
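A link checker can catch both patterns described above before anyone clicks. The following is an added example, not part of the original post: the allowlist, the function names and the distance threshold are assumptions, and a flag means the link deserves a look, not that the domain is hostile.

```python
# Added example: flag look-alike hostnames against a list of known-good domains.
KNOWN_GOOD = {"khanacademy.org", "facebook.com", "google.com"}  # constructed allowlist

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # A swapped pair such as "ah" for "ha" counts as one edit.
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def registrable(host: str) -> str:
    """Naive: last two labels. Assumption: no multi-part suffixes like .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host: str, max_dist: int = 2) -> tuple:
    """Return (verdict, closest known-good domain or None)."""
    dom = registrable(host)
    if dom in KNOWN_GOOD:
        return ("ok", dom)
    name, _, tld = dom.rpartition(".")
    for good in sorted(KNOWN_GOOD):
        g_name, _, g_tld = good.rpartition(".")
        if name == g_name and tld != g_tld:
            return ("wrong-tld", good)      # same name under another TLD
        if 0 < osa_distance(name, g_name) <= max_dist:
            return ("misspelling", good)    # near-miss spelling of a known name
    return ("unknown", None)

if __name__ == "__main__":
    for h in ("www.khanacademy.org", "rm.910587.kahnacademy.org",
              "KhanAcademy.com", "example.net"):
        print(h, classify(h))
```

Subdomain prefixes are ignored on purpose, so a host like the one quoted earlier in this post is judged by its registrable part.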

And now Net-Security is reporting that Brazilian ISPs are encountering “DNS cache poisoning attacks” when visitors go to common sites like Google and Facebook, putting up fake pop-up windows with fake anti-virus software. The report posted today is here. Kaspersky has been reporting on the problem.

Is there any chance that the cache poisoning is happening to popular sites in the US, in order to implement crude hacks to get personal information?

Check my August 2008 posts on the DNS crisis of 2008 on my "id theft" blog. Some attorneys with a technical and security background have warned that the SOPA or Protect-IP legislation now proposed in Congress could encourage DNS cache poisoning.
