Older Symantec Software Vulnerable to DNS Poisoning Attacks

March 8, 2005
March 8, 2005 - (HOSTSEARCH.COM) – IDG News Service reported today that online scam artists are Domain Name System (DNS) poisoning attacks to exploit a flaw in some Symantec Corp. products to divert Internet users from popular Web pages like Google and eBay to sites where adware and other annoying programs are installed on their computers.

Symantec's Gateway Security Appliance and Enterprise Firewall are at risk for such attacks. According to Johannes Ullrich, chief technology officer at the SANS Institute's Internet Storm Center (ISC), the attacks which began on Thursday or Friday, may be one of the largest to use DNS poisoning.

Symantec issued an emergency patch for the DNS poisoning hole on Friday.

The DNS poisoning attacks were easy to detect because Web sites involved in the attack don't mimic the sites that users were trying to reach, Ullrich said. However, DNS poisoning could be a potent tool for online identity thieves who could set up phishing Web sites that are identical to sites like Google.com or eBay.com but secretly capture user information, he said.

Top 3 Hosts From Our Search

2Pars Enterprise