Researchers at the SANS Internet Storm Center have been tracking domain name system (DNS) cache poisoning attacks that redirected users to malicious web sites.

DNS cache poisoning allows an attacker to change the DNS records that resolve domain names into IP addresses so that a user is redirected to another site.

Incident handlers at the Internet Storm Center (ISC)said they began receiving reports from multiple sites about DNS cache poisoning attacks in early March. Later in the month, they received reports of a different DHS poisoning attack. A third attack continued into April.

"The motivation for these attacks is very simple: money. The end goal of the first attack was to install spyware/adware on as many Windows machines as possible," ISC handlers wrote.

ISC estimates that 500 to 1,000 midsize and large organizations were affected by the attacks.

Microsoft has issued an advisories about preventing DNS cache poisoning. Windows 2000 Service Pack 3 and later versions of the software protect against the attacks by default, according to the vendor.

As reported in SC Magazine, DNS cache poisoning is being used to channel information to pharming web sites.

http://isc.sans.org
www.microsoft.com