From VNUNET via Packetstorm:
H D Moore, who crafted the original DNS exploit module, said in a blog posting that an attacker managed to run the cache-poisoning attack on a server belonging to AT&T’s internet service in Austin, Texas.
As a result of the attack, servers at BreakingPoint Systems, the network security firm which employs Moore as director of security research, redirected employee machines from Google.com to a third-party site loaded with advertisements.
Apparently no real damage caused by it for them, but there must be loads of other users on AT&T’s DNS-servers.
I’m all for full disclosure but this is really affecting a lot of people. We are seeing a big increase in infected computers and the DNS flaw might be what’s behind this (but I have no concrete proof of it).
Anyhow, admins at larger ISP’s better get patching now if they haven’t started already.
Cheers,
