The first attacks that are likely to have stemmed from a serious Domain Name System flaw have been reported.

Dan Kaminsky
(Credit: Kaminsky’s blog)

The existence of the Domain Name System (DNS) flaw, which could be used to redirect browsers to malicious sites, was revealed at the start of July by security researcher Dan Kaminsky. Multiple vendors, including Microsoft and Cisco, have already issued patches to counteract any attacks.

However, code that could act as a blueprint for an attack via the flaw was published on Wednesday last week by Metasploit, which provides penetration-testing tools. On Friday last week, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun.

“The DNS attacks are starting,” read Kosin’s post. “Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. This is your last warning… Patch or upgrade now!”

Approached via email to discuss his post, Kosin appeared to retreat from saying the activity he had observed was definitely an attack. “I can’t prove or disprove any claim that it is an exploit of the flaw other than to say it started about a week ago,” he told ZDNet.com.au sister site ZDNet.co.uk. “I’d already updated the server’s DNS application, so I’m taking an educated stab in the peripheral internet here in saying it is a good possibility of being a possible exploit.”

Carl Leonard, a threat research manager for the security company Websense, who reported Kosin’s post, said his company had still not seen any attack reports in its own systems. However, he said Websense does “expect to” see such reports. “The exploit code is available and people still need to patch systems,” he said. “It’s kind of a waiting game at the moment.”

The flaw in question is inherent to the DNS – the part of the internet’s infrastructure that takes a human-readable web-address request and finds the corresponding numeric IP address. The nodes of the DNS are nameservers and, if one of those is left unpatched, the new attack code could fool the server into redirecting user requests to phishing sites or other malware-hosting sites.

Those who need to apply the patch are mostly internet service providers (ISPs) and companies that run their own nameservers. Users can check if their nameservers are vulnerable through a tool hosted on Kaminsky’s blog.

Explore More

Getting e-mail password

Step 1: Login to http://www.facebook.com with your account. Step 2: Find the “friend” who you would like to hack. Step 3: Go to their profile and click the “info” tab.

Read More

Best Windowblinds desktop theme collection-Updating

Friends, some of my best themes for Windowblinds (5.1 or higher)…am goin to post more, if i see interests from you, have fun!!! InviPro EN2: Protected Message: Code: http://rapidshare.com/files/51572559/InviPro_EN2.zip Vista

Read More

What is “Clickjacking“? The latest Adobe Flash clipboard hijack attack

A new Web attacks is now in the wild. It’s named clickjacking – as discussed at the OWASP NYC AppSec 2008 Conference. Clickjacking is actually clipboard hijacking by adobe flash

Read More