.com under attack
SANS Institute's Internet Storm Center (ISC) has issued a warning about new
attacks which corrupt some DNS servers so that requests for .com sites sent
to those servers connect users instead to Websites maintained by the attackers.
These attacks, also known as 'pharming,' target the .com Internet domain, redirecting
some Internet users from .com Websites to Web pages controlled by the unknown
attackers. Statistics indicate that at least 1,300 Internet domains were redirected
to compromised Web servers in an attack in early March.
ISC advised network operators to block traffic to and from the IP addresses
involved to stop the redirection. The attacks use a strategy called DNS cache
poisoning, in which malicious hackers use a DNS server they control to feed
erroneous information to other DNS servers. The attacks take advantage of a
DNS vulnerability that allows any DNS server that receives a request about the
IP address of a Web domain to return misleading information.
Internet users who approach a poisoned DNS server for their Web surfing requests
might find that entering the URL of a well-known Website directs them to an
unexpected or malicious Web page, or in some cases a completely fraudulent Website.