Report: Web address attacks have commenced
Net security groups say that several small-scale attacks exploiting the DNS flaw are already happening.
It's reported that attacks exploiting the DNS flaw found earlier this year have already begun, according to the BBC.
Detected accidentally by Dan Kaminsky, a director at the American security specialist IOActive, researchers believe it's prompted the largest security update in the history of the web stemming from fears that millions of people may be exposed to malicious hackers online.
The DNS helps computers translate website addresses into the numerical language that machines understand. Even if users type in the right address, the flaw could essentially allow cybercriminals to direct them to fake sites. Using attack codes, spammers and phishing experts could illegally gain access to bank accounts and personal information.
Microsoft, Cisco, Red Hat, Sun Microsystems and the Internet Software Consortium had updated their software earlier to address the issue. Now, security groups say that there's evidence that minor attacks are already happening and other net firms are advised to rectify the problem before the attacks become more serious.
"This attack is very good," said Dan Kaminsky, adding that "this attack is being weaponized out in the field. Everyone needs to patch, please."
Kaminsky's web page, www.doxpara.com, allows people to find out if their systems have the DNS vulnerability. A few days ago, it was revealed that more than half the computers tested at the website still needed to be patched.
Windows users will need to download the Microsoft Security Bulletin MS08-037 if Microsoft Updates isn't automatically applied on their system, while Mac or Linux users are advised to check the US Computer Emergency Readiness Team (US CERT) webpage for the latest patch details. At present, Apple still hasn't issued a patch for its Mac OS X operating system.