Home > CAPEC List > CAPEC-611: BitSquatting (Version 2.9)  

CAPEC-611: BitSquatting

 
BitSquatting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 611
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

Bitsquatting refers to the registration of a domain names one bit different than a popular domain. A bitsquatting attack leverages random errors in memory to direct Internet traffic to attacker-controlled destinations. Bitsquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that bitsquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.

+ Attack Prerequisites
  • None

+ Typical Severity

Low

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Adversaries must be able to register DNS hostnames/URL’s.

+ Solutions and Mitigations

Authenticate all servers and perform redundant checks when using DNS hostnames.

When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Execute unauthorized code or commands
This attack must be used in combination with other follow-on attacks in order to affect a significant impact.
+ Technical Context
Architectural Paradigms
Mobile
+ References
[R.611.1] Artem Dinaburg. "Bitsquatting: DNS Hijacking without exploitation". Raytheon. <http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015