With all the news about DNS cache poisoning, I bet a lot of you are left wondering what an attacker would have to gain by doing this. Some people at Microsoft have analyzed an attack; it’s a bit technical but interesting to read.
In short, once a poisoning attack is succesfull, any requests for which the results are poisoned are redirected to a malicious site that serves up malware. I know, nothing shocking, just your average day on the net:
The real tale begins here. After a request to the poisoned DNS server, our user will get redirected to a webpage that will have an iframe into it. This iframe leads to various websites with exploits, malware programs, etc. All sorts of nasty things that try to make their way into the system.
What is more interesting is that some major ISP’s have already been targeted; an example was seen at China Netcom last week. This attack used similar techniques, inserting an iframe with malicious code. My guess is that this won’t be the last one we see this year.