Friday | 10 July, 2009
CSO
DNS attack could signal Phishing 2.0
Researchers at Google and Georgia Tech are warning that a new generation of DNS attacks could make phishing much harder to detect.

"It's really the ultimate back door," said Chris Rouland, chief technology officer with IBM's Internet Security Systems division. "All the stuff we've deployed in the enterprise, it's not going to look for this."

Rouland expects to see more of these DNS attacks launched from Web 2.0 sites in the coming months, because they make it very easy for people to "mash up" Web pages from many different sources -- some of which may be untrustworthy. "This is truly the next generation of phishing," he said.

Preliminary findings by Dagon's team show that the Web is an important vector for these attacks. Using Google's network of Web crawlers, researchers uncovered more than 2,100 Web pages that used exploit code to change the Windows registry of visitors.

The team's paper, entitled Corrupted DNS Resolution Paths, is set to be published at the Network and Distributed System Security Symposium (NDSS) in San Diego. It is co-authored by Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos, a senior engineer with Google.

Last year Dagon and Wenke Lee founded a startup called Damballa, which is developing ways to protect against these types of attacks.

Damballa, which bills itself as an anti-botnet appliance vendor, can identify compromised machines by tracking whether or not they are communicating with DNS servers that are known to be malicious.
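
The kind of check described above can be sketched over network flow records. This is an added example, not code from the article, the researchers or Damballa; the log format, the resolver lists and every address in it are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values (private and documentation ranges), not real indicators.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
KNOWN_BAD_RESOLVERS = {"203.0.113.66"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records, assumed format: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2009-07-10T09:00:01 10.0.5.21 10.0.0.53 53 udp
2009-07-10T09:00:02 10.0.5.22 203.0.113.66 53 udp
2009-07-10T09:00:03 10.0.5.23 198.51.100.9 53 udp
2009-07-10T09:00:04 10.0.5.22 203.0.113.66 53 tcp
2009-07-10T09:00:05 10.0.5.24 198.51.100.9 443 tcp
2009-07-10T09:00:06 10.0.0.53 198.51.100.9 53 udp
malformed line
"""

def find_rogue_dns_clients(flow_text):
    """Return {client_ip: {"resolvers": set, "known_bad": bool}} for internal
    hosts sending DNS traffic to resolvers outside the approved set."""
    findings = defaultdict(lambda: {"resolvers": set(), "known_bad": False})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, src, dst, dport, _proto = fields
        if dport != "53":
            continue  # only DNS traffic is of interest
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        # Approved resolvers legitimately query outside servers when recursing.
        if src_ip not in INTERNAL_NET or src in APPROVED_RESOLVERS:
            continue
        if dst in APPROVED_RESOLVERS:
            continue  # client is using a sanctioned resolver
        findings[src]["resolvers"].add(dst)
        if dst in KNOWN_BAD_RESOLVERS:
            findings[src]["known_bad"] = True
    return dict(findings)

if __name__ == "__main__":
    for host, info in sorted(find_rogue_dns_clients(SAMPLE_FLOWS).items()):
        level = "KNOWN-BAD" if info["known_bad"] else "unapproved"
        print(host, level, sorted(info["resolvers"]))
```

A host whose resolver setting has been silently changed shows up here even when the rogue resolver is not yet on any blocklist, because the check also reports any internal client using a resolver outside the approved set.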
