A group of security researchers demonstrated on Monday one way to use the recent domain-name service (DNS) security issue to compromise computers by redirecting insecure update services to fake servers that install malicious code instead.
The attack tool -- dubbed Evilgrade by its creators at non-profit Infobyte Security Research -- will enable penetration testers to exploit computers using the automated update feature of Sun Microsystems' Java, Winzip, Winamp, Mac OS X, OpenOffice, iTunes, LinkedIn Toolbar, DAP, Notepad++, and Speedbit, according to the group.
"It works with modules -- each module implements the structure needed to emulate a false update of specific applications/systems," the group said in the ReadMe file available on its site. "Evilgrade needs the manipulation of the victim DNS traffic."
The fully developed attack tool is the latest setback for domain-name system (DNS) security since a group of software vendors and network infrastructure experts announced earlier this month that a major flaw existed in the protocol. Last week, the details of the flaw were made public and, two days later, the Metasploit Project released two exploits that could allow an attacker to poison a server's DNS cache using the flaw.
On Friday, Austria's computer emergency response team (CERT) announced that a survey of that country's domain-name servers found that two-thirds of the systems have yet to be patched.
Posted by: Robert Lemos