.com under attack

The SANS Institute's Internet Storm Center (ISC) has issued a warning about new attacks which corrupt some DNS servers so that requests for .com sites sent to those servers connect users instead to Websites maintained by the attackers.

These attacks, also known as 'pharming,' target the .com Internet domain, redirecting some Internet users from .com Websites to Web pages controlled by the unknown attackers. Statistics indicate that at least 1,300 Internet domains were redirected to compromised Web servers in an attack in early March.

ISC advised network operators to block traffic to and from the IP addresses involved to stop the redirection. The attacks use a strategy called DNS cache poisoning, in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a DNS vulnerability that allows any DNS server that receives a request about the IP address of a Web domain to return misleading information.

Internet users who approach a poisoned DNS server for their Web surfing requests might find that entering the URL of a well-known Website directs them to an unexpected or malicious Web page, or in some cases a completely fraudulent Website.