Examples of DNS Abuse Techniques

JPCERT/CC has published a list of phishing URLs that demonstrate examples of techniques including domain generation algorithms (DGAs) and malicious registrations of effective SLDs.

We see many random meaningless TLDs that are as or more random than typo squatting. For exapmle;https://github.com/JPCERTCC/phishurl-list/blob/main/2022/202206.csvActors are likelier to commit DNS abuse by assigning legitimate service or company names to free-level domains/subdomains of random meaningless TLDs.

Nominet published an explanation of how dangling DNS entries can lead to vulnerability to the lame delegation and on-path DNS attack techniques.

The IRS published a warning against SMS scams making use of malicious registration as well as spoofing the target organization.

IC3 also issued a PSA on the same issue, seehttps://www.ic3.gov/Media/Y2022/PSA221004, which might be more helpful.

As background:

Sender ("Caller ID"): us.reveneu.servce.4658129@anissnail[.]live

URL #1 (in SMS/text served as redirect): hxxp://lubinaf[.]me/?irs-deducted-taxes-record=73061413

URL #2 (served as a redirect to landing page): hxxps://104.248.0.8/dika[.]php

URL #3 (landing page): hxxps://usa[.]get[.]dlsaster[.]tax/home [Note: Fraudulent domain is typosquatted on a gTLD]

• DNS Abuse SIG
  • Stakeholder Advice
    • Detection
      • Cache Poisoning
      • Creation of Malicious Subdomains Under Dynamic DNS Providers
      • DGA Domains
      • DNS As a Vector for DoS
      • DNS Rebinding
      • DNS Server Compromise
      • DoS Against the DNS
      • Domain Name Compromise
      • Dynamic DNS (as obfuscation technique)
      • Fast Flux (as obfuscation technique)
      • Infiltration and exfiltration via the DNS
      • Lame Delegations
      • Local Resolver Hijacking
      • Malicious registration of (effective) second level domains
      • On-path DNS Attack
      • Stub Resolver Hijacking
  • Code of Conduct & Other Policies
  • Examples of DNS Abuse