New York, NY (Business Wire) 13 November 2007

Trusteer announced today that the Microsoft Windows DNS Server is vulnerable to a serious DNS cache poisoning flaw that allows the immediate execution of pharming attacks on consumers. Attackers could steal user credentials and perform fraudulent transactions using this attack mechanism.

The attack was discovered in July this year, when Trusteer CTO Amit Klein cracked the random number generation of the popular BIND DNS server. After these discoveries, ISC, the consortium behind BIND, released a patch for BIND 9 and declared end of life for version 8. Now the Microsoft Windows DNS server, part of Windows Server 2003, has been cracked in the same way and is vulnerable to the very same attack.

The Domain Name System (DNS) translates domain names into IP addresses. It is a service consisting of a large number of DNS servers that store domain names and their associated IP addresses. DNS servers communicate with each other to exchange address information. To prevent message spoofing, they base their communication on randomly generated transaction IDs.

Research published today by Trusteer CTO Amit Klein discloses a method for predicting the transaction IDs generated by the Microsoft Windows DNS server. By predicting these transaction IDs, attackers can forge DNS messages and push bogus IP addresses into the DNS server's cache. As a result, consumers would be redirected to fraudulent websites each time they try to access legitimate sites. The fraudulent website can be used to steal user data and perform fraudulent transactions.

“This attack in particular for financial institutions and online retailers,” says Klein. “Hackers can target large ISP networks and direct all users of a particular bank on the network to a fraudulent website. There is nothing the user or the bank can do to stop this attack.”


Recommendations


Trusteer advises ISPs and companies that manage a Microsoft DNS server in a caching configuration to apply the latest patch from Microsoft. Existing anti-virus and desktop security solutions cannot protect against such attacks, since DNS cache poisoning does not target the user’s computer or the DNS server itself, but the cached data on the DNS server. Trusteer's Rapport solution for online banks, brokers and dealers, which strongly authenticates the destination website and prevents access to unauthenticated websites, defeats this dangerous attack.

More information

The vulnerability was reported to Microsoft on 30 April 2007.

Microsoft released a patch on 13 November 2007.

Systems Affected: Microsoft Windows DNS server (part of Windows 2003 and Windows Server 2000)

Trusteer research is available at: http://www.trusteer.com/docs/microsoftdns.html

About Trusteer

Trusteer is a privately held company created by senior Internet security professionals with specific expertise in enterprise and desktop security. Its flagship product, Rapport, helps online banks, brokers and dealers protect consumers' desktops from identity theft and financial fraud attacks such as financial Trojans, keyloggers, phishing and pharming. Unlike traditional approaches, which provide only partial solutions, Trusteer's revolutionary prevention approach controls the risks associated with many client-side threats.


Contact:
Rakesh Loonkar

Trusteer

+1 (646) 247-5669

# # #
