China Netcom falls prey to DNS cache poisoning

One of China's largest Internet service providers has fallen victim to a dangerous vulnerability in the Internet's addressing system.

One of China's largest ISPs (Internet service providers) has fallen victim to a dangerous vulnerability in the Internet's addressing system, according to security vendor Websense.

The flaw, which has been described as one of the most serious ones to ever affect the Internet, can cause Web surfers to be redirected to fraudulent Web sites even if the URL (Uniform Resource Locator) has been typed correctly in a browser's address bar.

Discovered by security researcher Dan Kaminsky, the problem is rooted in the DNS (Domain Name System). When a user types a Web address into a browser, the request goes to a DNS server or a cache, which returns the corresponding numerical IP (Internet protocol) address for a Web site.

But the flaw allows the DNS server to be filled with wrong information and direct users to malicious Web sites. The China Netcom attack is particularly interesting because it only affects those who misspell certain URLs, said Carl Leonard, security research manager for Websense's European lab.

The latest hack was discovered by Websense's Beijing lab, some of whose researchers use China Netcom as their ISP, Leonard said. Websense has seen other DNS attacks, but chose to publicize this particular one due to its interesting execution, he said.

Hackers have tampered with one of China Netcom's DNS servers to only redirect users who type, for example, rather than That way, fewer users are directed to malicious Web sites, but the strategy is to keep the attacks lower-profile so as to not raise attention.

"The malcode authors are trying to keep under the radar," Leonard said.

Victims are redirected to malicious Web sites -- some of which are still active -- that try to exploit known vulnerabilities in software such as RealNetworks' RealPlayer multimedia player and Adobe System's Flash Player.

Another exploit attempts to take advantage of a problem with an ActiveX control for Microsoft's Snapshot Viewer, used to view reports for Microsoft Access, a relational database program.

Although Adobe, Microsoft and RealPlayer have issued patches for some of those vulnerabilities, hackers still see opportunities. "It tells us people haven't applied those patches," Leonard said.

If an exploit is successful, the PC will download a Trojan horse program that shuts off updates for antivirus software, Leonard said. Websense has notified China Netcom but are unsure yet if the DNS server has been patched.

Kaminsky and other researchers coordinated a massive secret campaign with vendors to patch their DNS software, but details on how to exploit the flaw were leaked on July 21. However, not all ISPs have patched yet, putting some users at risk. Also, the patches available just decrease the likelihood of success of an attack rather than completely securing a DNS server against an attack, Leonard said.

"There needs to be a longer-term solution made available," Leonard said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags dns flaw

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?