Symantec has issued updated patches to fix vulnerabilities in its security appliances discovered at the beginning of March.
Companies relying on older versions of Symantec security appliances are being targeted with Domain Name System (DNS) poisoning attacks, which cause their users to be directed to malicious websites when they try to access legitimate ones.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Symantec thought it had prevented the attacks with patches it previously released, but it now admits they were not as comprehensive as it first thought.
Customers who have older versions of Symantec’s Gateway Security Appliance or Enterprise Firewall are being urged to download the latest updates from the company’s website to block the DNS poisoning attacks.
If they do not, remote hackers may take advantage of vulnerabilities in their DNS server configuration to direct users to websites that can spread malware onto corporate desktops, such as viruses, adware and spyware.
The exploit sees legitimate web searches for trusted sites being turned into ones for untrusted sites. It does this by directing users to a different web IP address even though the correct domain has been typed in by users.
The DNS poisoning attacks have been reported and monitored by the SANS Institute's Internet Storm Centre.