China Netcom falls prey to DNS cache poisoning

One of China's largest Internet service providers has fallen victim to a dangerous vulnerability in the Internet's addressing system.

One of China's largest ISPs (Internet service providers) has fallen victim to a dangerous vulnerability in the Internet's addressing system, according to security vendor Websense.

The flaw, which has been described as one of the most serious ones to ever affect the Internet, can cause Web surfers to be redirected to fraudulent Web sites even if the URL (Uniform Resource Locator) has been typed correctly in a browser's address bar.

Discovered by security researcher Dan Kaminsky, the problem is rooted in the DNS (Domain Name System). When a user types a Web address into a browser, the request goes to a DNS server or a cache, which returns the corresponding numerical IP (Internet protocol) address for a Web site.

But the flaw allows the DNS server to be filled with wrong information and direct users to malicious Web sites. The China Netcom attack is particularly interesting because it only affects those who misspell certain URLs, said Carl Leonard, security research manager for Websense's European lab.

The latest hack was discovered by Websense's Beijing lab, some of whose researchers use China Netcom as their ISP, Leonard said. Websense has seen other DNS attacks, but chose to publicize this particular one due to its interesting execution, he said.

Hackers have tampered with one of China Netcom's DNS servers to only redirect users who type, for example, gogle.cn rather than google.cn. That way, fewer users are directed to malicious Web sites, but the strategy is to keep the attacks lower-profile so as to not raise attention.

"The malcode authors are trying to keep under the radar," Leonard said.

Victims are redirected to malicious Web sites -- some of which are still active -- that try to exploit known vulnerabilities in software such as RealNetworks' RealPlayer multimedia player and Adobe System's Flash Player.

Another exploit attempts to take advantage of a problem with an ActiveX control for Microsoft's Snapshot Viewer, used to view reports for Microsoft Access, a relational database program.

Although Adobe, Microsoft and RealPlayer have issued patches for some of those vulnerabilities, hackers still see opportunities. "It tells us people haven't applied those patches," Leonard said.

If an exploit is successful, the PC will download a Trojan horse program that shuts off updates for antivirus software, Leonard said. Websense has notified China Netcom but are unsure yet if the DNS server has been patched.

Kaminsky and other researchers coordinated a massive secret campaign with vendors to patch their DNS software, but details on how to exploit the flaw were leaked on July 21. However, not all ISPs have patched yet, putting some users at risk. Also, the patches available just decrease the likelihood of success of an attack rather than completely securing a DNS server against an attack, Leonard said.

"There needs to be a longer-term solution made available," Leonard said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags dns flaw

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?