HD Moore: Hackers Start DNS Attacks
Gregg Keizer writes on ComputerWorld:
Hackers are now actively exploiting a critical flaw in the Domain Name System, but they're not using any of the already known exploits, said a researcher who crafted the first attack code to go public.More here.
"We're seeing an entirely new technique," said HD Moore, the creator of the Metasploit penetration-testing framework, who with a hacker identified as "I)ruid" published exploits last week for the vulnerability in the Internet's routing system.
Late yesterday, Moore reported that he had found a compromised DNS server operated by AT&T Inc. when employees at his company, BreakingPoint Systems Inc., realized that they were being shunted to a bogus version of Google.com. Since then, Moore said today, he has heard from others who also reported redirects from hacked DNS servers. "They're saying, 'We've seen the same thing,' so now we're trying to figure out if we're seeing attacks on a wide scale or not."
Moore said the exploit that successfully attacked the AT&T server was not the same as the Metasploit attack code that he and I)ruid wrote, nor were any of the other public exploits.