Hacker's latest discovery

Mar 7, 2005 23:57 GMT

A great number of internet users have recently complained that they were redirected from several legitimate sites to malware websites. This could be the result of a DNS cache poisoning attack (not spyware, adware, or a browser hijack), and security experts are looking into the matter to verify whether this is the real cause.

The Internet Storm Centre posted a warning about "DNS cache poisoning" on its website on Friday. They said that this particular attack was redirecting traffic from google.com, ebay.com, and weather.com.

Basically, the hackers are attacking a domain name server and poisoning its cache by planting counterfeit records in it, so that clients relying on that server are sent to the wrong addresses. Other security companies are finding it difficult to pinpoint the source of the attacks.
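To make the mechanism concrete, here is an added simulation (not code from the article or from any vendor mentioned in it) of a caching resolver that accepts records from responses, with and without a bailiwick check: the standard defence of refusing records that a response volunteers for names outside the zone that was actually queried. The domain names, addresses and the "last two labels" approximation of a zone boundary are all constructed assumptions for the demonstration.

```python
"""Simulate cache poisoning through planted records and the bailiwick check
that a caching resolver uses to reject them. All data below is constructed."""
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name of the record
    rtype: str   # record type, e.g. "A"
    rdata: str   # record data, e.g. an IPv4 address

class Response(NamedTuple):
    qname: str         # the name the resolver actually asked about
    answers: list      # records in the answer section
    additional: list   # "glue" records the responder volunteered

def in_bailiwick(rr_name: str, qname: str) -> bool:
    """True if rr_name is inside the zone the question concerns.
    Assumption: the zone is approximated by the last two labels of qname."""
    zone = ".".join(qname.lower().rstrip(".").split(".")[-2:])
    name = rr_name.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def cache_response(cache: dict, resp: Response, check_bailiwick: bool = True) -> list:
    """Store a response's records in the cache; return the records rejected."""
    rejected = []
    for rr in resp.answers + resp.additional:
        if check_bailiwick and not in_bailiwick(rr.name, resp.qname):
            rejected.append(rr)   # planted out-of-zone record: do not cache it
            continue
        cache.setdefault((rr.name.lower(), rr.rtype), set()).add(rr.rdata)
    return rejected

def poisoned_entries(cache: dict, known_good: dict) -> dict:
    """Detection: report cached A records for watched names that are not on the known-good list."""
    bad = {}
    for name, good in known_good.items():
        extra = cache.get((name, "A"), set()) - good
        if extra:
            bad[name] = extra
    return bad

# Constructed traffic: 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges, not real hosts.
LEGIT = Response("www.google.com", [RR("www.google.com", "A", "198.51.100.1")], [])
FORGED = Response("lure.example", [RR("lure.example", "A", "192.0.2.5")],
                  [RR("www.google.com", "A", "192.0.2.10")])   # planted, out of bailiwick
KNOWN_GOOD = {"www.google.com": {"198.51.100.1"}}

def demo(check_bailiwick: bool) -> dict:
    """Feed both responses to a fresh cache and report what looks poisoned."""
    cache = {}
    cache_response(cache, LEGIT, check_bailiwick)
    cache_response(cache, FORGED, check_bailiwick)
    return poisoned_entries(cache, KNOWN_GOOD)

if __name__ == "__main__":
    print("without bailiwick check:", demo(False))   # {'www.google.com': {'192.0.2.10'}}
    print("with bailiwick check:", demo(True))       # {}
```

A resolver that skips the check ends up serving the planted address for www.google.com, which is exactly the symptom the affected users reported; the same known-good comparison is a cheap way for an operator to audit a suspect cache.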

They spent all weekend hitting Google and eBay and couldn't find a poisoned DNS server anywhere.

It could be that the affected sites have since been cleaned up, but it is more likely that the attack is localized to a single enterprise or a small internet service provider.

According to the Storm Centre, the DNS cache poisoning appears to be affecting Symantec firewalls that perform DNS caching.

Some victims have told the Centre that they applied the patch but were still affected. This could mean either that the patch doesn't solve the problem as it should, or that a different vulnerability is involved.

The ABX toolbar spyware gets loaded onto the machine when the user visits the servers the poisoned records point to. It is installed through an ActiveX control, so users running Windows XP SP2 or a web browser that does not support ActiveX will probably not be infected if they reach the server. ABX is not yet detected by the standard spyware/antivirus tools.