Week-old security flaw deployed in live attacks

Oct 14, 2016 20:20 GMT

Trend Micro says attackers are using a recently patched flaw in the BIND software, deployed with Linux-based DNS servers, to attack and compromise systems.

BIND, which stands for Berkeley Internet Name Domain, is a popular open-source software package that is included with most Linux distributions and is used to run DNS servers.

On September 27, the Internet Systems Consortium (ISC) issued a fix for BIND that addresses a flaw tracked as CVE-2016-2776, which allowed someone to crash DNS servers in an unsafe manner.

The Denial-of-Service (DoS) flaw could be exploited by sending the server a specially crafted DNS query that made BIND build an overly large response; the server process then crashed while constructing it.

Blog posts from Trend Micro and Infobyte explain how this vulnerability works in more detail.

Proof-of-concept code might have spurred the attacks

Infobyte security researchers also created proof-of-concept code and a Metasploit module to allow system administrators to test if their servers are vulnerable.
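The administrator's side of that test does not need an exploit. The following script is an added example, not code from Trend Micro, Infobyte or ISC: it parses the version string that `named -v` reports and compares it with the fixed release for that BIND branch (a value the caller supplies from the ISC advisory; no fixed version is hard-coded here, and the branch-to-version mapping in the `__main__` block is a placeholder), and it counts the "exiting (due to assertion failure)" lines that a crash of this kind leaves in syslog, which is what the crafted-query DoS looks like from the server side. The sample log lines are constructed for the example.

```python
"""Defender-side checks for a BIND assertion-failure DoS such as CVE-2016-2776.

1. Compare the version `named -v` reports with the fixed release for that
   branch, which the caller takes from the ISC advisory (nothing is hard-coded).
2. Count named's "exiting (due to assertion failure)" events per host in syslog.

Caveat: distribution builds (e.g. "9.10.3-P4-Ubuntu") may carry a backported fix
while reporting an older upstream version, so the version check alone can give a
false positive; treat the log scan as the second signal.
"""
import re
import subprocess
from collections import Counter

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"        # major.minor.patch
    r"(?:(a|b|rc)(\d+))?"         # optional pre-release tag, e.g. rc3
    r"(?:-P(\d+))?"               # optional security patch level, e.g. -P3
)
# A final release ranks above any of its pre-releases.
_PRE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}


def parse_bind_version(text):
    """Turn 'BIND 9.10.4-P3 <id:...>' into a comparable tuple.

    Tuple layout: (major, minor, patch, prerelease_rank, prerelease_num, P_level),
    so that 9.11.0rc3 < 9.11.0 < 9.11.0-P1 orders correctly.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no BIND version found in %r" % text)
    major, minor, patch, pre, pre_num, p_level = m.groups()
    return (int(major), int(minor), int(patch),
            _PRE_RANK[pre], int(pre_num or 0), int(p_level or 0))


def is_patched(reported, fixed_by_branch):
    """True/False if the reported version meets the fixed release for its branch.

    Returns None when the branch is not in the caller's table, so the caller
    knows to look it up in the advisory rather than assuming either answer.
    """
    have = parse_bind_version(reported)
    branch = "%d.%d" % have[:2]
    if branch not in fixed_by_branch:
        return None
    return have >= parse_bind_version(fixed_by_branch[branch])


def local_named_version():
    """Run `named -v` on this host and return its first output line."""
    out = subprocess.run(["named", "-v"], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()[0]


# Matches a standard syslog line in which named reports an assertion-failure exit.
_CRASH_RE = re.compile(
    r"^\S+ +\d+ [\d:]+ (?P<host>\S+) named\[\d+\]: exiting \(due to assertion failure\)"
)


def count_assertion_crashes(log_lines):
    """Count assertion-failure exits per host; a burst or a restart loop is the signal."""
    hits = Counter()
    for line in log_lines:
        m = _CRASH_RE.match(line)
        if m:
            hits[m.group("host")] += 1
    return dict(hits)


# Constructed sample syslog excerpt (hosts, PIDs and addresses are made up).
SAMPLE_LOG = [
    "Oct 14 09:12:01 ns1 named[2201]: buffer.c:NNN: REQUIRE(...) failed, back trace",
    "Oct 14 09:12:01 ns1 named[2201]: exiting (due to assertion failure)",
    "Oct 14 09:12:04 ns1 systemd[1]: bind9.service: main process exited, code=killed, status=6/ABRT",
    "Oct 14 09:12:09 ns1 named[2240]: running",
    "Oct 14 09:12:31 ns1 named[2240]: exiting (due to assertion failure)",
    "Oct 14 09:15:00 ns2 named[1107]: client 192.0.2.10#53211: query: example.test IN A + (203.0.113.53)",
]


if __name__ == "__main__":
    import sys
    # Usage: python check_bind.py <branch> <fixed-version-from-ISC-advisory> [syslog-file]
    # The branch/version pair is a placeholder the operator fills in; none is built in.
    branch, fixed = sys.argv[1], sys.argv[2]
    reported = local_named_version()
    print(reported, "-> patched:", is_patched(reported, {branch: fixed}))
    if len(sys.argv) > 3:
        with open(sys.argv[3]) as fh:
            print("assertion crashes per host:", count_assertion_crashes(fh))
    else:
        print("constructed sample:", count_assertion_crashes(SAMPLE_LOG))
```

Run it on each resolver with the branch and fixed version from the advisory; a `None` result means the branch table needs another entry, not that the server is safe. Feeding the script a day of syslog gives a per-host count that can be alerted on, since a healthy `named` never exits on an assertion failure.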

As sometimes happens, crooks also employ these very same packages to attack servers, and this is what recently happened. A day later, Japan's National Police Agency detected attacks against DNS servers in the country and issued an alert on the incidents.

Attackers target BIND installations not out of any particular craving for DNS servers, but because they want to take over servers per se.

Vulnerabilities that present as DoS crashes are often used as a first step: attackers crash the application and then chain in other, more dangerous code, in some cases reaching execution of malicious code on the underlying OS, either with the app's own privileges or with elevated permissions. Attackers, in this case, were most likely after Linux servers to use in other malicious campaigns.

Additionally, there are other ways to use DoS flaws. "Emphasis is placed on the BIND vulnerability as it could lead to DoS attacks that could impact organizations by disabling, shutting down, or disrupting a service, network, or website," Trend Micro says. "The effects of a DoS attack could range from financial loss and reputation damage to lawsuits and customer attrition."