Worrying news of the evils of DNS cache poisoning attacks has been reported by the legendary SANS Internet Storm Center, who watch over the Internet like angels. Such attacks work by injecting false information into the DNS caches of compromised servers, effectively causing them to reroute traffic away from legitimate sites toward false ones.
In the case of this attack, compromised servers were pointed to an incorrect address for the root entries for the entire .com domain, allowing the hijackers to reroute traffic to any server with a .com address.
The people responsible for the attack seem to have used multiple methods including DNS poisoning, bugs in products from both Microsoft Corp. and Symantec Corp., and spyware to do their terrible deeds.
"After monitoring the situation for several weeks now, it has become apparent that the attackers are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive. This attack morphed into a similar attack with different IP addresses that users were re-directed towards."
- Kyle Haugsness, incident handler at SANS.