In a scan of 2.5 million DNS (Domain Name System) servers, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that approximately 230,000 DNS servers could be vulnerable to a threat known as DNS cache poisoning.
During a DNS cache poisoning attack, hackers replace the IP addresses of legitimate Web sites stored on the DNS machine with the address of a malicious site. The address then proceeds to redirect people to the bogus site, where they may be required to input personal information, or have harmful software installed on their computer. The technique can even be used to redirect e-mail, experts said.
"The reason behind a potential attack is money" states the SANS Internet Storm Center, which tracks network threats. Attackers usually get paid for every spyware or adware program that they install on a person's computer.
Out of the 2.5 million DNS servers scanned in the test, 230,000 servers were identified as potentially vulnerable, 60,000 are very likely to be open to this specific type of attack, and 13,000 have a cache that can definitely be poisoned.
1 Comment - Add comment