Unearthing the Roots of Cyberfraud: Exposing DNS Exploitation in AdFraud and Phishing

Dr. Minaxi Gupta
Indiana University


Cyberfraud affects Internet users on a daily basis. Drawing from the contexts of advertisement fraud and phishing, this talk will describe how miscreants exploit the Domain Name System (DNS) in setting up cyberfraud infrastructure. First, I will describe the results from in situ experimentation with the largest online fraud infrastructure recently taken down by the FBI under "Operation Ghost Click". At the heart of this advertisement fraud scheme was a DNS changer malware, which helped the attackers hijack clicks and ad impressions on victim machines. The fraud affected 4 million users and made its perpetrators 14 million USD over a period of of four years. Next, I will describe how phishing, malware, and other scam sites exploit two DNS features, namely, wildcards and the presence of orphan DNS servers. Our work points to the need to better scrutinize and protect the DNS infrastructure.