Dangerous DNS exploit online
Spyware July 24th, 2008A hack which takes advantage of a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet has been released.
It was turned loose by developers of the Metasploit hacking toolkit, says PC World, going on
Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed the latest DNS server patches.
Attackers could also use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. “What makes this whole thing really scary is that from an end-user perspective they may not notice anything,” he said.
IOActive researcher Dan Kaminsky revealed it earlier this month, “but technical details of the flaw were leaked onto the Internet earlier this week, making the Metasploit code possible,” says the story.
“Kaminsky had worked for several months with major providers of DNS software such as Microsoft, Cisco and the Internet Systems Consortium (ISC) to develop a fix for the problem. The corporate users and Internet service providers who are the major users of DNS servers have had since July 8 to patch the flaw, but many have not yet installed the fix on all DNS servers.”
US-CERT on Monday warned: “Technical details regarding this vulnerability have been posted to public Web sites,” says InformationWeek, adding:
“Attackers could use these details to construct exploit code. Users are encouraged to patch vulnerable systems immediately. “This is a very serious situation, and can possibly lead to widespread and targeted attacks which hijack sensitive information by redirecting legitimate traffic to fraudulent Web sites, due to incorrect (fraudulent) information being injected into the vulnerable caching nameserver(s),” Trend Micro security researcher Paul Ferguson said in a blog post.
“Kaminsky has been planning to present details about the DNS vulnerability at the Black Hat security conference in two weeks.”
See the rest here:
Dangerous DNS exploit online
