The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.
According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer, Adobe Flash Player and Microsoft Snapshot Viewer.
Websense provided screenshots of an nslookup of a potentially mistyped URL. The first shows an unaffected name server, while the second shows the poisoned name server.
[Screenshot: unaffected name server]
[Screenshot: poisoned DNS server]
A user querying an unaffected DNS server is taken through to a clean site, but if the target queries a poisoned name server, the browser is redirected to the attacker's site with the malicious iFrame code.
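The nslookup comparison described above can be automated as a resolver check. This is an added example, not code from Websense or the original post: it parses the A records out of two raw DNS responses for the same name and reports addresses that only the suspect resolver returns. The name `exmaple.test`, both addresses and all function names are constructed for illustration.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(name, rcode, addrs=()):
    # Builds a constructed sample: a minimal DNS response to an A query for `name`.
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, a.split(".")))
        for a in addrs)
    return header + question + answers

def skip_name(pkt, off):
    # Advance past a name that is either plain labels or ends in a compression pointer.
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:
            return off + 2
        off += 1 + n

def parse_response(pkt):
    # Returns (rcode, [IPv4 addresses from A records in the answer section]).
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(".".join(map(str, pkt[off:off + 4])))
        off += rdlen
    return flags & 0xF, addrs

def divergent_answers(reference_pkt, suspect_pkt):
    # Addresses the suspect resolver returned that the reference resolver did not.
    _, ref = parse_response(reference_pkt)
    _, got = parse_response(suspect_pkt)
    return sorted(set(got) - set(ref))

if __name__ == "__main__":  # constructed answers using documentation address ranges
    ref, bad = (build_response("exmaple.test", 0, [ip]) for ip in ("192.0.2.10", "203.0.113.66"))
    print(divergent_answers(ref, bad))
```

Answers can also differ for legitimate reasons such as load balancing or CDNs, so a non-empty result marks a resolver for investigation rather than proving it is poisoned.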

posted by Ryan Naraine
August 21, 2008 @ 12:43 pm