Possible Domain Poisoning Underway

[stevey]

Security experts late Friday warned that a DNS cache poisoning attack may be underway and redirecting users from some of the most popular Web sites to a malicious URL where spyware and adware is invisibly installed onto their computers.

According to the Internet Storm Center, which posted an alert on its Web site, it had received reports that the attack was redirecting traffic from popular domains such as google.com, ebay.com, and weather.com.

DNS cache poisoning occurs when an attacker hacks into a domain name server, then "poisons" the cache by planting counterfeit data in the cache of the name server. When a user requests, say, ebay.com, and the IP address is resolved by the hacked domain server, the bogus data is fed back to the browser.

Another tactic, dubbed "DNS hijacking," is similar, but simply changes the domain server so that traffic is actually re-routed

what next

 

[Poker]

what next

Countermeasures