[virusinfo] DNS Cache Poisoning Attacks - 4/11/05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Mon, 11 Apr 2005 17:52:35 -0700

From: Panda Oxygen3 24h-365d wrote:

"Truth will rise above falsehood as oil above water."
            Miguel de Cervantes Saavedra (1547-1616). Spanish writer.
 
                          - DNS Cache Poisoning Attacks -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 11, 2005 - "@RISK" (the SANS community's consensus bulletin)
has reported a problem in the default configuration of the DNS servers in
the DNS system in Windows NT and Windows 2000 (prior to SP3). Other
configurations are also reportedly vulnerable and being studied. 

SANS Internet Storm Center (ISC) has been actively analyzing reports of
large-scale DNS cache poisoning attacks. By carrying out this type of
attack, the attacker can redirect traffic for legitimate domains (for
example, windowsupdate.com) to an IP address controlled by the attacker.
The attacks have been used to redirect popular domains belonging to certain
financial, entertainment, travel, health and software companies to the
attackers' servers in order to install malware on users' systems.
        
Microsoft has published an article, KB241352, that describes how to configure
a registry key on Windows 2000 (prior to SP3) and NT 4.0 (SP4 and later) to
harden a DNS server's configuration. It is recommendable to upgrade to
version 9.x in order to forward DNS servers running BIND. It is also
recommendable to upgrade to Windows 2000 (SP3 or later) and Windows 2003
for Windows DNS servers, as these versions offer protection against cache
poisoning attacks in their default configuration.

More information at http://isc.sans.org/presentations/dnspoisoning.php and
at http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If
this happens, just use the 'cut' and 'paste' options to join the pieces of
the URL.
 
------------------------------------------------------------

The 5 most frequently detected viruses by Panda ActiveScan, Panda
Software's free online scanner:
1)Mhtredir.gen; 2)Shinwow.E; 3)Netsky.P; 4)Sdbot.ftp; 5)Downloader.WT.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 



