A security centre at Carnegie Mellon University in the US has identified four flaws in the Berkeley Internet Name Domain server software, which translates text-based domain names into the numeric IP addresses used by computers to identify Web sites.
Hackers could make use of these flaws to control traffic to and from Web sites including file downloads and email.
JJ Gray, a security architect at digital security consultancy @stake said that if BIND software were compromised, intruders could cause a lot more problems than denying access to a site.
"It would be possible to redirect people to other sites without their knowledge. If someone were to replicate the site of a financial institution, the customers they diverted to this replica would be unwittingly giving away all their personal information" said Gray.
The Internet Software Consortium two weeks ago released patches that upgrade BIND to version 9, which is not open to such attacks. These can be found atwww.isc.org/products/BIND/bind-security.html