Slashdot Mirror


DNS Cache Poisoning Spreads Malware

Gamma_UCF writes "As of April 4, 2005 the SANS Internet Storm Center has raised their alert level to Yellow following a rash of active DNS poisonings. The infected DNS servers are redirecting users from popular sites such as Google or American Express to malware-infecting advertising sites. According to the ISC presentation on the attack, it is believed to be linked to known spammers and malware distributors. The full presentation of information up until this point can be found here."

31 of 314 comments

  1. April Fools Idea by DarkHelmet · · Score: 4, Funny
    Oh man, this article gave me an idea. Too bad it's a couple days late, or else it would have made a *great* April Fools for the workplace here.
    1. Change the company's DNS server here to map google.com to a private machine here on the network.
    2. Create a frontend on the internal machines here that looks exactly like google.com
    3. Map the internal IP addresses on the network to specific people here.
    4. Inject specific "spooky" messages into the search results based on the IP address of the querying machine. Examples would be like: "How about looking at some pr0n, Mr. Bridges?" or "You really should have that bald patch looked at, sir."
    5. April Fools! HA HA!
    6. Look for a new job.
    Oh well, you only live once.
    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    1. Re:April Fools Idea by Cruithne · · Score: 4, Funny

      7. Profit!

    2. Re:April Fools Idea by mightypenguin · · Score: 2, Funny

      I think one of the better net admin jokes on this date was using the Swedish chef text filter on all webpages in certain sections of my college's site :)

      http://www.cs.utexas.edu/users/jbc/home/chef.html

    3. Re:April Fools Idea by Anonymous Coward · · Score: 1, Funny

      I did something very similar as a prank on my boss's birthday a few years back. I manually updated the HOSTS file on his laptop so that the domain of a very important client was pointing to one of our internal development servers. I then set up a special internal virtual host for the prank, and put up a faux copy of the real web site in question, with a bunch of "YOU'VE BEEN HACKED!!" messages all over the place.

      My boss bought it hook, line and sinker... it was fun for the whole family.

    4. Re:April Fools Idea by TimeTraveler1884 · · Score: 2, Funny
      7. Profit!
      Whoever modded this "Redundant" needs their head examined. Granted, it's only mildly funny, but it's not "Redundant". Uh, maybe because no one else had said it yet in response to the parent?

      You moderators are so fickle. I will probably get modded down "-1 He's got a point, but I don't like it" for this post.

    5. Re:April Fools Idea by Greger47 · · Score: 3, Funny
      On Slashdot it's redundant. We already subconsciously add

      3. Profit!
      In Soviet Russia ... you!
      Imagine a Beowulf cluster...

      to all posts.

      /greger

    6. Re:April Fools Idea by lucabrasi999 · · Score: 2, Funny

      Only old Koreans subconsciously add statements to posts.

    7. Re:April Fools Idea by sjames · · Score: 4, Funny

      Just keep in mind, In Soviet Russia, a beowulf cluster profits by imagining 50 year old South Koreans pouring hot grits down your pants.

    8. Re:April Fools Idea by xv4n · · Score: 1, Funny
      Too bad there'll never be another first of April.

      You are beginning to scare me man. What else do you know?

  2. internet rash by Cruithne · · Score: 5, Funny

    following a rash of active DNS poisonings

    Damn internet rashes, they're the worst. Remember, don't surf without protecting your board. :/

  3. colored alerts by hey · · Score: 1, Funny

    I am sooo glad that SANS uses colored alerts like "Homeland" Security. It's pretty tacky. I guess the first time I heard about it was in the original Star Trek. Nothing tacky there.

    1. Re:colored alerts by Anonymous Coward · · Score: 2, Funny

      But, mister Rimmer sir, you do realize that it means changing the lightbulb...

  4. More color-coded warnings? by loqi · · Score: 5, Funny

    I give it two years until the sight of a rainbow fills me with abject terror and confusion.

    --
    If other reasons we do lack, we swear no one will die when we attack
    1. Re:More color-coded warnings? by peragrin · · Score: 2, Funny

      Forget rainbow, wait till the perfect orange sunset, and run around screaming that even Mother Nature knows terrorists are coming.

      --
      i thought once I was found, but it was only a dream.
    2. Re:More color-coded warnings? by krf · · Score: 3, Funny

      The rainbow already fills most republicans with abject terror and confusion.

      Maybe that's why they invented that terror warning thing.

    3. Re:More color-coded warnings? by oneiros27 · · Score: 4, Funny
      Kryten: We must take action. Be bold, positive, decisive. I suggest we move from blue alert to red alert, sir. Cat: Forget red! Let's go all the way up to brown alert! Kryten: But there's no such thing as brown alert, sir. Cat: You won't be saying that in a minute. And don't say I didn't alert you!

      Red Dwarf, Series 8, Episode 1.

      --
      Build it, and they will come^Hplain.
    4. Re:More color-coded warnings? by mmkkbb · · Score: 4, Funny

      *KABOOM*

      Arrr, an attack! Matey, fetch me red shirt! Can't let the men see me bleedin' if I get hit! ...

      *KABOOM*

      Arrr, that was a close one! Fetch me brown pants too!

      --
      -mkb
    5. Re:More color-coded warnings? by Fjornir · · Score: 4, Funny

      RIMMER: Go to blue alert.
      LISTER: What for? There's no-one to alert - we're all here.
      RIMMER: I would just feel more comfortable if I know that we're all on
      our toes 'cos everyone's aware it's a blue-alert situation.
      LISTER: We all are on our toes.
      RIMMER: May I remind you all of Space Core Directive 34124?
      KRYTEN: 34124. "No officer with false teeth should attempt oral sex in
      zero gravity".
      RIMMER: Damn you both, all the way to Hades! I want to go to Blue Alert!
      LISTER: Ok, ok.
      .
      .
      .
      LISTER: Too small for a vessel... maybe some kind of missile.
      KRYTEN: It's impossible to tell at this range. Whatever it is, they
      clearly have a technology way in advance of our own!
      LISTER: So do the Albanian State Washing Machine Company.
      RIMMER: Step up to red alert!
      KRYTEN: Sir, are you absolutely sure? It does mean changing the bulb.
      RIMMER: There's always some excuse, isn't there?

      --
      I want a new world. I think this one is broken.
  5. Question by Ryosen · · Score: 4, Funny

    I've been using Opera for 6 years now and I'm a little confused.

    What is "malware"?

    --

    Ryosen
    One man's "Troll, +1" is another man's "Insightful, +1".
  6. Re:More reason to use Firefox by bcmm · · Score: 4, Funny
    I bet that malware is Internet Explorer-specific.
    Yes. It's so great to use a web browser that doesn't rely on Microsoft technology like DNS...
    Oh, wait...


    Idiot.
    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  7. Re:How to stop DNS cache poisoning by Wizy · · Score: 4, Funny

    Did you run the warez server? I know that guy's name.

  8. DNS is broken... by Anonymous Coward · · Score: 1, Funny

    Everyone should just learn to remember IP addresses...my email is ac+NOSPAM@127.0.0.1

  9. You forgot..... by isotope23 · · Score: 2, Funny

    I for One welcome.........

    --
    Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
  10. AC ??? by Anonymous Coward · · Score: 1, Funny

    Wait, hold on ... Anonymous Coward?! DUDE! I love your work, I read your posts all the time.

    1. Re:AC ??? by Anonymous Coward · · Score: 1, Funny

      Hey! That guy's an impostor. I'm Anonymous Coward!

  11. Next phase : stealth ninja midgets by 88NoSoup4U88 · · Score: 2, Funny
    The bigger failure rate through email (come on, -some- people have wised up over the years... right? Right??) has caused the spammers to look for other ways, now taking it up to the DNS level.

    I guess that when this is eventually blocked, and spammers -really- are out of ideas of what to do next, it's time for the ninja-midgets phase:

    A spammer will employ stealth ninja midgets (or clone them) that will roam around the world causing havoc by typing their master's URL into your browser while you're out getting a snack.

  12. Re:How to stop DNS cache poisoning by clickster · · Score: 2, Funny

    "Free advice from a top security consultant at Foundstone. (you'd know my name)"

    OK. I call bullshit. I spent 30 minutes looking through the Foundstone corporate directory and there is no "Anonymous Coward", "A. Coward", etc.

    --
    If you mod me down, I shall become less powerful than you could possibly imagine.
  13. At school by elgatozorbas · · Score: 3, Funny

    When I was young, I had a severe DNS poisoning at school, and the teacher allowed me to go home.

  14. Sebben Alert Level Update by ewhac · · Score: 4, Funny
    ...the SANS Internet Storm Center has raised their alert level to Yellow following a rash of active DNS poisonings.

    ATTENTION: ALERT LEVEL UPDATE. The authorities at SANS (Sebben-Affiliated Network Security) have issued this network alert update:

    The DNS cache poisoning alert has been upgraded from "Yellow" to "Blackwatch Plaid." Repeat: DNS cache poisoning alert level is now at Blackwatch Plaid.

    Available information does not yet justify a further upgrade to alert level "Moving Pictures."

    And for everyone's safety and security, and to preserve our way of life, SANS is taking a drastic step and installing a network monitor. Just one. For safety, security, and omniscient, unblinking information gathering of everyone's activities.

    :-),
    Schwab

  15. Fed ex tracking by morcheeba · · Score: 3, Funny

    A friend of mine was obsessively tracking a fed ex package of his and told us its progress a couple times a day. There happened to be a big hurricane going on, but it wasn't quite in the path of his package's travel. So, I wgett'ed (wgot?) fedex's site and made my own modifications. I just changed the hosts file on my friend's machine to point to my webserver. My friend watched his package get closer and closer, then looked in horror as it took a detour to Florida. The next day it was in the fedex damaged package center, and we had to let him in on the joke.

  16. DON'T CLICK LINK by suwain_2 · · Score: 4, Funny

    Don't click that link! I clicked it and got a really nasty porn site.

    --
    ________________________________________________
    suwain_2 :: quality slashdot p