Reducing Malicious Activities With Domain Interdiction



The term "spear-phishing" describes a cyber attack in which an attacker sends a victim an email over the Internet that contains either a malicious link or a malicious attachment. Once the victim opens the attachment or clicks the embedded link, their machine can become compromised, enabling the attacker to perform follow-on exploitation activities against the victim such as installing keylogger software, exfiltrating documents, and other malicious activities (TrendMicro, 2012).

One of the key indicators of a compromised machine is the Domain Name System (DNS) requests it sends to a public DNS server such as Google's. The victim's machine sends DNS requests to resolve the malicious domain name used by the attacker's software to an IP address, which then enables connectivity between the malicious domain and the victim's computer. This WebQuest discusses the concept of bringing together multiple public DNS providers in an effort to reduce the ability of malicious programs to resolve the IP addresses of malicious domains.
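A small model of this idea, added here as an illustration and not part of the original WebQuest: three hypothetical public resolvers, a constructed shared blocklist feed, and a client that tries each configured resolver in turn. Provider names, domains, and addresses are invented, and the dictionary lookup stands in for real recursive resolution.

```python
# Constructed model of DNS interdiction across several public resolvers.
# All provider names, domains and addresses are invented for illustration.
from dataclasses import dataclass, field

def is_blocked(qname, blocklist):
    """True if qname or any parent domain is on the blocklist."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

@dataclass
class Resolver:
    name: str
    zone: dict                                  # stand-in for recursive resolution
    blocklist: set = field(default_factory=set)
    hits: list = field(default_factory=list)    # (client, qname) pairs refused

    def resolve(self, client, qname):
        if is_blocked(qname, self.blocklist):
            self.hits.append((client, qname))   # the query itself is the indicator
            return None                         # behave like NXDOMAIN
        return self.zone.get(qname.lower().rstrip("."))

def client_lookup(client, qname, resolvers):
    """Try each configured resolver in order until one returns an address."""
    for r in resolvers:
        addr = r.resolve(client, qname)
        if addr is not None:
            return r.name, addr
    return None, None

ZONE = {"c2.badexample.test": "203.0.113.10", "www.example.org": "198.51.100.7"}
SHARED_FEED = {"badexample.test"}               # constructed blocklist feed

def run(providers_sharing):
    """Apply the feed to the first N providers and report what the client gets."""
    resolvers = [Resolver(n, ZONE) for n in ("provider-a", "provider-b", "provider-c")]
    for r in resolvers[:providers_sharing]:
        r.blocklist = set(SHARED_FEED)
    answer = client_lookup("10.0.0.23", "c2.badexample.test", resolvers)
    benign = client_lookup("10.0.0.23", "www.example.org", resolvers)
    flagged = sorted({c for r in resolvers for c, _ in r.hits})
    return answer, benign, flagged

if __name__ == "__main__":
    for n in (1, 3):
        print(n, run(n))
```

With the feed applied at only one provider, the malicious name still resolves through the next one, although the refusing provider has already recorded the querying client; with all three sharing the feed, resolution fails everywhere and benign lookups are unaffected.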
