China Netcom falls prey to DNS cache poisoning

One of China's largest Internet service providers has fallen victim to a dangerous vulnerability in the Internet's addressing system.

One of China's largest ISPs (Internet service providers) has fallen victim to a dangerous vulnerability in the Internet's addressing system, according to security vendor Websense.

The flaw, which has been described as one of the most serious ones to ever affect the Internet, can cause Web surfers to be redirected to fraudulent Web sites even if the URL (Uniform Resource Locator) has been typed correctly in a browser's address bar.

Discovered by security researcher Dan Kaminsky, the problem is rooted in the DNS (Domain Name System). When a user types a Web address into a browser, the request goes to a DNS server or a cache, which returns the corresponding numerical IP (Internet protocol) address for a Web site.

But the flaw allows the DNS server to be filled with wrong information and direct users to malicious Web sites. The China Netcom attack is particularly interesting because it only affects those who misspell certain URLs, said Carl Leonard, security research manager for Websense's European lab.

The latest hack was discovered by Websense's Beijing lab, some of whose researchers use China Netcom as their ISP, Leonard said. Websense has seen other DNS attacks, but chose to publicize this particular one due to its interesting execution, he said.

Hackers have tampered with one of China Netcom's DNS servers to only redirect users who type, for example, rather than That way, fewer users are directed to malicious Web sites, but the strategy is to keep the attacks lower-profile so as to not raise attention.
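Because only misspelled names are redirected, a check that resolves just the correctly spelled names would see nothing wrong. The sketch below is an added illustration, not part of the original article and not Websense's method: it compares a suspect resolver's answers with a majority of reference resolvers for a watched name and its transposition typos. All names, addresses and resolver data are constructed, and dictionaries stand in for live lookups.

```python
from collections import Counter

# Constructed sample data: each resolver's answers as {name: [addresses]}.
# A real audit would fill these from live lookups against each resolver.
REFERENCES = [
    {"bank.example": ["192.0.2.10"]},
    {"bank.example": ["192.0.2.10"]},
    {"bank.example": ["192.0.2.10"]},
]
SUSPECT = {"bank.example": ["192.0.2.10"], "bnak.example": ["203.0.113.66"]}


def typo_variants(domain):
    """Adjacent-letter transpositions of the first label (one common typo class)."""
    label, _, rest = domain.partition(".")
    out = set()
    for i in range(len(label) - 1):
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        if swapped != label:
            out.add(f"{swapped}.{rest}")
    return sorted(out)


def audit(names, suspect, references):
    """Return {name: (suspect_answer, consensus)} where the suspect resolver
    gives addresses that share nothing with the reference majority."""
    findings = {}
    for name in names:
        votes = Counter(frozenset(r.get(name, ())) for r in references)
        consensus, count = votes.most_common(1)[0]
        if count <= len(references) // 2:
            continue  # references disagree (e.g. CDN-style answers): inconclusive
        answer = frozenset(suspect.get(name, ()))
        # An empty consensus means the references report no such name.
        if answer and not (answer & consensus):
            findings[name] = (sorted(answer), sorted(consensus))
    return findings


if __name__ == "__main__":
    watched = ["bank.example"]
    print("correct names only:", audit(watched, SUSPECT, REFERENCES))
    names = watched + typo_variants(watched[0])
    print("with typo variants:", audit(names, SUSPECT, REFERENCES))
```

A finding with an empty consensus means the suspect resolver returned an address for a name the reference resolvers say does not exist. Names served from several locations can legitimately differ between resolvers, which is why a split among the references is treated as inconclusive.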

"The malcode authors are trying to keep under the radar," Leonard said.

Victims are redirected to malicious Web sites -- some of which are still active -- that try to exploit known vulnerabilities in software such as RealNetworks' RealPlayer multimedia player and Adobe Systems' Flash Player.

Another exploit attempts to take advantage of a problem with an ActiveX control for Microsoft's Snapshot Viewer, used to view reports for Microsoft Access, a relational database program.

Although Adobe, Microsoft and RealPlayer have issued patches for some of those vulnerabilities, hackers still see opportunities. "It tells us people haven't applied those patches," Leonard said.

If an exploit is successful, the PC will download a Trojan horse program that shuts off updates for antivirus software, Leonard said. Websense has notified China Netcom but is not yet sure whether the DNS server has been patched.

Kaminsky and other researchers coordinated a massive secret campaign with vendors to patch their DNS software, but details on how to exploit the flaw were leaked on July 21. However, not all ISPs have patched yet, putting some users at risk. Also, the patches available just decrease the likelihood of success of an attack rather than completely securing a DNS server against an attack, Leonard said.

"There needs to be a longer-term solution made available," Leonard said.


Jeremy Kirk

IDG News Service