http://www.theinquirer.net/?article=21621

By Nick Farrell
07 March 2005

HACKERS HAVE found a way of diverting interweb punters from famous websites to dodgy URLs where they are plied with spy and adware.

Security outfit the Internet Storm Centre posted a warning about "DNS cache poisoning" on its website on Friday. It said that it had reports that this particular attack was redirecting traffic from google.com, ebay.com, and weather.com.

Basically the hackers are attacking a domain name server and poisoning it by planting counterfeit data in the name server's cache.

However, all might not be doom and gloom. Other security firms are also having a bit of difficulty confirming the attack. They spent all Friday hitting Google and eBay and can't find a poisoned DNS anywhere.

It could be that the sites got better; however, it is more likely that the hack is localised to an enterprise or small internet service provider.

According to the Storm Centre, the DNS cache poisoning appears to be affecting Symantec firewalls with DNS caching. Some victims have told the Centre that they applied the patch, but were still affected. So this could be a different vulnerability or the patch didn't work properly.

The ABX toolbar spyware gets loaded onto the machine when visiting the target servers. This uses an ActiveX control. Users running Windows XP SP2 or a web browser that does not support ActiveX will probably not get hit with the spyware if they visit the server.

ABX is not detected yet by the normal toolset of spyware/antivirus tools.