DNS attacks on the up

Filed under
Security

Domain name system (DNS) poisoning attacks affect enterprise servers and cause users to be directed to malicious websites when they try to access legitimate ones.

The exploit this by directing the user to a different web IP address even though the correct domain has been typed in by the user.

Once the user is directed to a malicious site they could unwittingly download malware onto their machine and the corporate network, which could include viruses, adware, spyware or key-logging programs that can be remotely controlled by hackers.

The ISC says such attacks are spreading partly as a result of the default settings on older Windows-based servers.

Servers running NT 4.0 or versions of Windows 2000 prior to Service Pack 3 are particularly vulnerable as they don’t automatically protect companies against DNS Poisoning.

Symantec recently had to release a security patch to stop its older security appliances from letting such attacks through.

Source.