Home / / Report: Web address attacks have commenced

Report: Web address attacks have commenced

Net security groups say that several small-scale attacks exploiting the DNS flaw are already happening.

It's reported that attacks exploiting the DNS flaw found earlier this year have already begun, according to the BBC.

Detected accidentally by Dan Kaminsky, a director at the American security specialist IOActive, researchers believe it's prompted the largest security update in the history of the web stemming from fears that millions of people may be exposed to malicious hackers online.

The DNS helps computers translate website addresses into the numerical language that machines understand. Even if users type in the right address, the flaw could essentially allow cybercriminals to direct them to fake sites. Using attack codes, spammers and phishing experts could illegally gain access to bank accounts and personal information.

Microsoft, Cisco, Red Hat, Sun Microsystems and the Internet Software Consortium had updated their software earlier to address the issue. Now, security groups say that there's evidence that minor attacks are already happening and other net firms are advised to rectify the problem before the attacks become more serious.

"This attack is very good," said Dan Kaminsky, adding that "this attack is being weaponized out in the field. Everyone needs to patch, please."

Kaminsky's web page, www.doxpara.com, allows people to find out if their systems have the DNS vulnerability. A few days ago, it was revealed that more than half the computers tested at the website still needed to be patched.

Windows users will need to download the Microsoft Security Bulletin MS08-037 if Microsoft Updates isn't automatically applied on their system, while Mac or Linux users are advised to check the US Computer Emergency Readiness Team (US CERT) webpage for the latest patch details. At present, Apple still hasn't issued a patch for its Mac OS X operating system.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.