"We now understand the issues and have clear things people should do to protect themselves," announced ISC's website, offering patch files and preventive measures designed to help keep user's Windows-based servers protected from these harmful exploits.
DNS cache attacks cause unsuspecting surfers to be redirected to malicious websites which infect the visitor's computer with spyware and harmful viruses. Unlike these attacks upon a surfer's computer, such as viruses and spyware, the DNS cache attacks are aimed at the webservers that translate URLs (Xbiz.com, for example), into a relevant IP address. By "poisoning" the server's IP lookup data, an attacker can cause a transparent redirection, sending surfers to an unintended destination.
A current online poll being run by the Internet Storm Center indicates that many respondents have not yet been affected by these attacks. Currently showing that only 15 percent of respondents have reported being affected by the DNS cache attacks, and rating it as somewhere between serious and a nuisance in terms of its overall potential to continue inflicting long term harm, the poll's numbers may be somewhat optimistic for those affected businesses within our industry.
There is cause for concern in some industry quarters, as the Windows server forms the backbone of many video streaming and DRM-enabled adult websites. Websites that stand to lose revenues should they become a victim of these disruptive attacks.
While ISC had earlier raised its alert color from green to yellow, the release of the new system updates and preventative measures resulted in a return to its green status. The previous yellow signal indicated that ISC was "currently tracking a significant new threat. The impact is either unknown [or] expected to be minor to the infrastructure. However, local impact would be significant." Yellow alerts were previously issued over outbreaks of the SQL Slammer, MSBlast, and Sasser worms.
"The motivation for these attacks is very simple: money," said ISC analyst Kyle Haugsness. "The end goal of the first attack was to install spyware/adware on as many Windows machines as possible."
Americanexpress.com, cnn.com, msn.com and redhat.com were among the affected domains. "What's scarier is that this could be used in a lot more subtle fashion, to make it difficult, or even impossible to detect," added Haugsness.