[ISN] DNS attack code out in wild

From: InfoSec News <alerts_at_private>
Date: Thu, 24 Jul 2008 04:01:58 -0500 (CDT)
http://www.techworld.com/security/news/index.cfm?newsID=102222

By Robert McMillan
IDG news service
24 July 2008

Hackers have released software that exploits a recently disclosed DNS 
flaw.

The attack code was released Wednesday by developers of the Metasploit 
hacking toolkit.

Internet security experts warn that this code may give criminals a way 
to launch virtually undetectable phishing attacks against Internet users 
whose service providers have not installed the latest DNS server 
patches.

Attackers could also use the code to silently redirect users to fake 
software update servers in order to install malicious software on their 
computers, said Zulfikar Ramizan, a technical director with security 
vendor Symantec. "What makes this whole thing really scary is that from 
an end-user perspective they may not notice anything," he said.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Thu Jul 24 2008 - 02:01:58 PDT

This archive was generated by hypermail 2.2.0 : Thu Jul 24 2008 - 02:07:55 PDT