DNS Cache Poisoning Attack in Romania – Popular Sites Redirected.


Arstechnica reports that a possible DNS cache poisoning attack was used against the Romanian (.ro) versions of popular sites like Google, PayPal and Microsoft. While the exact cause is unknown, cache poisoning is suspected since it involved multiple domain names, but not the whole of the .ro domain:

For a span of one to several hours on Wednesday morning, people typing Google.roYahoo.ro, and Romanian-specific addresses for other sites connected to a website that was purportedly run by an Algerian hacker, according to numerous security blog posts, including this one from Kaspersky Lab. Researchers said the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses.

More information from Kaspersky Lab.

Comments are closed.