Possible Global DNS Poisoning Attack

Written by Editor

Saturday, 05 March 2005 00:06

It seems, according to the nice people at the Internet Storm Center (ISC) run by SANS, that a global DNS poisoning attack is underway. They are receiving reports that a number of visitors to a number of high-profile sites are being redirected, through the use of DNS poisoning, to someplace nasty.

It seems that visitors to some popular sites such as ebay.com, google.com, weather.com and the like are being redirected to malware sites, where some bad things happen to them. Those being redirected are sent to one or other of the following servers; please don't visit them, because bad things will happen:

- www.7sir7.com (217.160.169.87)
- 123xxl.com (217.160.169.87, 207.44.240.79, 216.127.88.131)
- abx4.com (217.160.169.87, 207.44.240.79, 216.127.88.131)

If your site has been affected, we recommend you drop the incident handlers at the ISC a line. Before you do, however, gather the following information to help them:

- When the attack was first noticed and whether it is still occurring.
- What DNS server software you have facing the Internet. This information will be kept in strictest confidence.
- Whether you identified any other sites that users were being redirected to (besides the ones listed above).

You can contact the ISC here.

Update: It seems, according to the ISC, that there are two issues at hand. The first seems to be related to an issue with Symantec firewalls with DNS caching, and the second is the ABX spyware toolbar that gets loaded onto unsuspecting victims when they are redirected to the servers listed above. At the moment most of the anti-spyware tools cannot detect this toolbar.

Last Updated (Thursday, 14 September 2006 23:13)