
MIT Technology Review



The group also identifies methods for detecting flux and suggests that flux detection should be built into the domain name system itself. Since using the technique likely means a site is fraudulent, the system itself could help protect unsuspecting users from visiting these sites.

Shortening detection time by even a few hours can make a significant difference, says Alper Caglayan, president of Milcord, a company based in Waltham, MA, that collects real-time data about botnets. “If they can operate even a day, they’ve already made too much money,” he adds.

Caglayan notes that there are some legitimate ways to use flux–for example, to deliver multimedia content efficiently–but says that the way a botnet uses flux should look different. For example, a botnet’s machines are scattered around the world in a pattern that wouldn’t make sense for a legitimate business.
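The distinction drawn above, between flux used for content delivery and flux run on a botnet, can be sketched as a check over DNS answer sets. This is an added example, not code from the article or from any group it mentions; the observation records, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS A-record observations: (domain, ip, asn, country, ttl).
# Addresses and AS numbers are from documentation ranges, not real hosts.
OBSERVATIONS = [
    # Legitimate content delivery: many rotating IPs, but one operator's network.
    ("media.example.com", "192.0.2.10", 64500, "US", 60),
    ("media.example.com", "192.0.2.11", 64500, "US", 60),
    ("media.example.com", "192.0.2.12", 64500, "US", 60),
    ("media.example.com", "192.0.2.13", 64500, "DE", 60),
    ("media.example.com", "192.0.2.14", 64500, "DE", 60),
    # Flux-style hosting: each answer is in a different network and country.
    ("login-update.example", "198.51.100.7", 64501, "BR", 180),
    ("login-update.example", "203.0.113.44", 64502, "RU", 180),
    ("login-update.example", "198.51.100.90", 64503, "KR", 180),
    ("login-update.example", "203.0.113.5", 64504, "TR", 180),
    ("login-update.example", "198.51.100.201", 64505, "US", 180),
    # Ordinary static site.
    ("www.example.org", "192.0.2.80", 64506, "US", 86400),
]

# Assumed thresholds; tune against your own resolver logs.
MIN_IPS, MAX_TTL, MIN_ASNS, MIN_COUNTRIES = 5, 600, 3, 3

def summarize(observations):
    """Collect per-domain dispersion features from the observations."""
    stats = defaultdict(lambda: {"ips": set(), "asns": set(),
                                 "countries": set(), "max_ttl": 0})
    for domain, ip, asn, country, ttl in observations:
        s = stats[domain]
        s["ips"].add(ip)
        s["asns"].add(asn)
        s["countries"].add(country)
        s["max_ttl"] = max(s["max_ttl"], ttl)
    return dict(stats)

def looks_like_botnet_flux(s):
    """Rotation alone is not enough; the hosts must also be scattered."""
    rotating = len(s["ips"]) >= MIN_IPS and s["max_ttl"] <= MAX_TTL
    scattered = (len(s["asns"]) >= MIN_ASNS
                 and len(s["countries"]) >= MIN_COUNTRIES)
    return rotating and scattered

def flag_domains(observations):
    """Return the domains whose answer sets match the flux pattern."""
    return sorted(d for d, s in summarize(observations).items()
                  if looks_like_botnet_flux(s))

if __name__ == "__main__":
    print(flag_domains(OBSERVATIONS))
```

The content-delivery domain rotates addresses just as quickly as the flagged one, but it stays inside a single network, so it is not reported.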

Some experts believe that a multipronged approach is needed to stop phishing sites. Caglayan’s company provides a service that helps Internet service providers and other large network administrators find and shut down infected machines within their networks.

Some Web browsers also use blacklists to warn users away from fraudulent sites. But tricks like flux make it almost impossible for those blacklists to stay current enough to be useful. Caglayan expects that, in the future, browsers will need to build in systems that can detect fraud on their own.

Detecting flux will only help people who are using blocking services of some kind, says Manoj Srivastava, chief technical officer of Cyveillance, a security company based in Arlington, VA. “To effectively deal with an attack involving fast flux, it is necessary to take the domain off the Internet, and that requires working with either the registrar or registry of that domain,” he says. This can be hard because some domains are located in countries with loose regulations for Internet fraud. Simpler obstacles such as a language barrier can also leave a fraudulent site in operation for a longer period of time.

Gupta says that, as with most Internet crime, flux is just one component in a larger game of cat and mouse. “You can’t win this game,” she says. “You just have to continually detect their means and adjust to them.”


Credit: Aaron Bernstein/Indiana University Communications

Tagged: Web, security, phishing, DNS, flux
