CAPEC-611: BitSquatting
Attack Pattern ID: 611
Version: v3.9
Attack Pattern Name: BitSquatting
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Low
Typical Severity: Medium
▼Description
An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ChildOf; Type: Standard; ID: 616; Name: Establish Rogue Location
Nature: CanFollow; Type: Standard; ID: 98; Name: Phishing
Nature: CanPrecede; Type: Standard; ID: 89; Name: Pharming
Nature: CanPrecede; Type: Detailed; ID: 543; Name: Counterfeit Websites
▼Execution Flow
Explore
1. Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
   Technique: Research popular or high traffic websites.

Experiment
1. Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.
   Technique: Register the BitSquatted domain.

Exploit
1. Wait for a user to visit the domain: Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.
   Technique: Simply wait for an error in memory to occur, redirecting the user to the malicious domain.
▼Prerequisites
An adversary requires knowledge of popular or high traffic domains that could be used to deceive potential targets.
▼Skills Required
Low: Adversaries must be able to register DNS hostnames/URLs.

▼Resources Required
▼Indicators
▼Consequences
Scope: Other; Likelihood: N/A; Impact: Other
Note: Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
▼Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.
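As an added illustration of a redundant hostname check (this code is not part of the CAPEC entry), the following Python example scans resolver logs for queried names that sit exactly one bit away from a trusted name, which separates memory-fault lookups from ordinary typos. The log format, the names under the reserved .test TLD, and all function names are constructed assumptions.

```python
import re

# Constructed sample data: trusted names and resolver log lines (assumed format).
TRUSTED = {"example.test", "login.example.test"}
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.5 query=example.test type=A
2024-05-01T10:00:02Z client=10.0.0.7 query=exaeple.test type=A
2024-05-01T10:00:03Z client=10.0.0.8 query=exanple.test type=A
2024-05-01T10:00:04Z client=10.0.0.9 query=loginnexample.test type=A
2024-05-01T10:00:05Z client=10.0.0.5 query=EXAMPLE.TEST. type=A
"""

HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def normalise(name):
    # DNS names are case-insensitive, so a flip of the 0x20 case bit is harmless.
    return name.rstrip(".").lower()

def bit_distance(a, b):
    """Count differing bits between two equal-length ASCII names (None if lengths differ)."""
    if len(a) != len(b):
        return None
    return sum(bin(x ^ y).count("1") for x, y in zip(a.encode("ascii"), b.encode("ascii")))

def bitsquat_of(name, trusted=TRUSTED):
    """Return the trusted name that `name` is exactly one bit away from, else None."""
    name = normalise(name)
    if name in trusted or not HOSTNAME.fullmatch(name):
        return None
    for candidate in sorted(trusted):
        if bit_distance(name, candidate) == 1:
            return candidate
    return None

def scan(log_text, trusted=TRUSTED):
    """Return (client, queried name, trusted name) for every one-bit-off query."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"client=(\S+)\s+query=(\S+)", line)
        if m:
            target = bitsquat_of(m.group(2), trusted)
            if target:
                hits.append((m.group(1), normalise(m.group(2)), target))
    return hits

if __name__ == "__main__":
    for client, seen, target in scan(SAMPLE_LOG):
        print(f"{client} queried {seen}: one bit from trusted {target}")
```

Hits on a client point to a host worth checking for memory faults, and the flagged names are candidates for blocking at the resolver.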
▼Example Instances
▼Related Weaknesses
▼Taxonomy Mappings
▼Notes
▼References
REF-485: Artem Dinaburg. "Bitsquatting: DNS Hijacking without exploitation". Raytheon. http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf