[ISN] DNS attack code out in wild
InfoSec News
alerts at infosecnews.org
Thu Jul 24 04:01:58 CDT 2008
http://www.techworld.com/security/news/index.cfm?newsID=102222
By Robert McMillan
IDG news service
24 July 2008
Hackers have released software that exploits a recently disclosed DNS
flaw.
The attack code was released Wednesday by developers of the Metasploit
hacking toolkit.
Internet security experts warn that this code may give criminals a way
to launch virtually undetectable phishing attacks against Internet users
whose service providers have not installed the latest DNS server
patches.
Attackers could also use the code to silently redirect users to fake
software update servers in order to install malicious software on their
computers, said Zulfikar Ramizan, a technical director with security
vendor Symantec. "What makes this whole thing really scary is that from
an end-user perspective they may not notice anything," he said.
[...]
More information about the ISN
mailing list