Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

David Dagon
Chris Lee
Wenke Lee
Niels Provos
Proc. 15th Network and Distributed System Security Symposium (NDSS), Internet Society, San Diego, CA (2008)


We study and document an important development in how attackers are using Internet resources: the creation of malicious DNS resolution paths. In this growing form of attack, victims are forced to use rogue DNS servers for all resolution. To document the rise of this "second secret authority" on the Internet, we studied instances of aberrant DNS resolution on a university campus. We found dozens of viruses that corrupt resolution paths, and noted that hundreds of URLs discovered per week performed drive-by alterations of host DNS settings.