Internet security firm Websense has detected that the default DNS server of China Netcom (NYSE: CN; 0906.HK) has fallen victim to a DNS poisoning attack. DNS servers are used on the Internet to convert domain names to IP addresses, and a DNS poisoning attack is when an attacker alters a given DNS cache to return a different IP address from the actual IP address of a given domain - usually pointing to the attacker's own servers containing malicious code or advertising. This specific attack appears to be focused on domain names based on the misspellings of popular sites such as Google. Normally such domains contain placeholder sites full of generic advertising, however Netcom users who currently visit those sites by accident are being directed to a server containing malicious code that attempts to exploit various security holes in their browser.
Editor's Note: Last month, a serious security hole that affected the majority of DNS servers on the Internet was announced. It is unclear whether the current poisoning of Netcom's DNS cache is related to this. It is also unclear what effect China's state-issued moratorium on upgrades and maintenance to telecommunications networks will have on Netcom's ability to resolve the issue in a timely manner. The moratorium was designed to ensure network stability during the Olympic and Paralympic Games, and prevents operators from making updates to their networks during the Olympic period. See "MIIT Regulates Telecom Services during Olympics", MD 7/30/08 issue for more information.