New Domain Poisoning Attacks Microsoft Servers

[Cheapquality]

The DNS cache poisoning that first struck more than a month ago and led to users being redirected from popular Web sites to malicious sites that infected their machines with spyware, is continuing, said the Internet Storm Center (ISC) Wednesday. The attacks are taking advantage of vulnerabilities and design flaws in Microsoft server software. DNS cache poisoning occurs when an attacker hacks into a domain name server, one of the machines that translate URLs such as www.techweb.com into the appropriate IP address. The attacker then "poisons" the server by planting counterfeit data in the cache of the name server. When a user requests, say, techweb.com, and the IP address is resolved by the hacked domain server, the bogus data is fed back to the browser and the user is directed to another Web site, not the intended destination.