[g__day (Matthew)]

A poisoned DNS would pass undetected by any existing defence on your computer. It could be at your PC or your Internet Service Provider.

Basically Directory Name Services (DNS) is the conversion that turns a English web address or URL like www.optusisgood.net into an IP address like 65.66.77.68 that is actually used to direct all your communications.

Imagine your DNS is the target of the attack and that URL is re-coded to be a look alike site www.optusisbad.org with an IP address 68.67.66.65.

Well you’d just click on your favourites to go to say My ISP and your or your ISP’s or a net re-directors DNS with an infection delivers you to the fake site, which passes on all your session to the real site, but skims details on the way.

If it were well coded it would be undetectable unless you knew low level TCP/IP coding, obtained the site certificates and checked them against the valid entity to ensure there was no hijacking or eaves-dropping going on. And how many folk here ever check the certificates are correct when you log on to your bank? None I bet.

In the above, very real scenario, the Bank can’t easily tell there is an eaves dropper on its https tunnel, nor that the source of that tunnel isn’t your normal home machine, and you’d be none the wiser anyway.

Your spybot, firewall and virus scanner wouldn’t pick up this hijacking either, to them nothing untoward would have occurred. Only a very savvy network engineer, with a lot of free time, and specifically looking for this type of problem by the network traffic it produces could hope to detect this risk. Given these attacks could be intermittent they would be hard even for the world’s best automated Intruder Prevention System (IPS – e.g. Tier 3 by Huntsman) would find it hard to even see these type of anomalies in the tens of millions of IP connects that happen every second in Australia.

Suggest you give this area increasing thought if you do online transactions!