The SANS Institute's Internet Storm Centre (ISC) has
said that domain name system attacks are becoming more widespread
since they were first reported last month.
Domain name system (DNS) poisoning attacks affect enterprise
servers and cause users to be directed to malicious websites when
they try to access legitimate ones.
The exploit this by directing the user to a different web IP
address even though the correct domain has been typed in by the
user.
Once the user is directed to a malicious site they could
unwittingly download malware onto their machine and the corporate
network, which could include viruses, adware, spyware or
key-logging programs that can be remotely controlled by
hackers.
The ISC says such attacks are spreading partly as a result of
the default settings on older Windows-based servers.
Servers running NT 4.0 or versions of Windows 2000 prior to
Service Pack 3 are particularly vulnerable as they don’t
automatically protect companies against DNS Poisoning.
Symantec recently had to release a security patch to stop its
older security appliances from letting such attacks through.