More Phishing Attacks with DNS Vulnerability?
Microsoft released a security advisory (935964) last week acknowledging a vulnerability in the Domain Name System (DNS) in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. The vulnerability is caused by a buffer overflow in the RPC interface. It seems to affect only the remote management API, not the name resolution service.
If exploited, it could be used for phishing attacks. Here's how.
According to Paul Mockapetris, one of the creators of the DNS protocol, quoted in ComputerWorld:
A hacker controlling a DNS server would have access to DNS logs to determine sites users go to, such as a bank, and they could alter DNS records to redirect users to a bogus site that looks like the bank and then record password and other sensitive data. Users also could be redirected to hacker Web sites that would install malicious code on end-user PCs.
To prevent this and other possible attacks, Microsoft recommends setting the RpcProtocol parameter to 4 in a server's registry. Full instructions are available in the security advisory.



