Security Bytes: ISP's DNS hijacked

Also, flaws in BlackBerry Enterprise Server; worm poses as request for tsunami aid.

ISP's domain name hijacked
A company that provides Internet access and e-mail service to users in New York City, Long Island, Westchester, Rockland County and New Jersey is scrambling to restore order after its domain name was hijacked. Public Access Networks Corp. of New York said the unknown hijacker got to its main domain name [Panix.com] and wreaked havoc over the weekend.

During the hijacking, ownership of Panix.com was moved to a company in Australia. Meanwhile, the DNS records were moved to a company in the United Kingdom, while panix.com's e-mail was redirected to yet another company in Canada. For most customers, using the Panix.com domain would not work or would end up at a false site.

By Monday morning, Panix had recovered its domain but warned the records for its global DNS would take several hours to restore. More details are on Panix's alternate Web site.

"Recovery from the Panix.com domain name hijack is under way," the ISP said Monday morning. "The registrar in Melbourne has reverted the domain back to us, and the global Internet registry and domain name servers are now showing the correct information. However, due to the distributed nature of the Internet domain name system, it will take four to 24 more hours before the false data from the hijacking expires and is discarded by the various name servers."

As a temporary workaround, customers were advised to use the panix.net domain in place of panix.com. "If you're trying to log onto 'shell.panix.com' or see your mail at 'mail.panix.com,' use 'shell.panix.net' or 'mail.panix.net' instead," the company said. "However, you should only change the names of hosts that you connect to or your return address. The name you use to login to our mail servers, username@panix.com, should stay the same."

Analyst: Microsoft preparing AV launch
Will Microsoft Chairman Bill Gates unveil a new Microsoft antivirus program at next month's RSA Security conference? J.P. Morgan analyst Adam Holt apparently thinks so.

According to media reports, Holt said in a note to clients that Microsoft could offer details of such a program as early as next month. Since Gates will speak at the RSA conference in San Francisco Feb. 15, the details could come then, the reports noted. Holt expects the program to be on sale in the third quarter.

Microsoft has been working on an antivirus product for some time to compete with AV giants Symantec Corp. and McAfee Inc.

Partial fix for flaws in BlackBerry Enterprise Server
Canadian firm Research In Motion (RIM) has offered a partial fix for a vulnerability affecting its BlackBerry Enterprise Server for Domino and Exchange.

Danish security firm Secunia said in an advisory that an attacker could exploit the security hole to cause a denial of service. The problem is an error in the Mobile Data Service when processing Wireless Markup Language (WML) pages, Secunia said. This can be exploited by tricking a user into viewing a malicious WML page containing a URL without space characters in the comment block.

Secunia said RIM has fixed the vulnerability in Enterprise Server for Domino 2.2 Service Pack 4 Hot Fix 2 and Microsoft Exchange 3.6 Service Pack 4 Hot Fix 2. The firm said it is not aware of any available fixes for Enterprise Server for Exchange 4.0 and Domino 4.0.

Worm poses as request for tsunami aid
A new mass-mailing worm preys on users who want to donate to tsunami relief efforts, Lynnfield, Mass.-based antivirus firm Sophos said. W32.VBSun-A tries to tempt users into clicking on its malicious attachment by pretending to be information on donating to a tsunami relief effort. Users who run the attached file risk forwarding the worm to other users, Sophos said. In a twist, it can also initiate a denial-of-service attack against a German hacking Web site.

E-mails sent by the worm have the following characteristics:

  • Subject line: Tsunami Donation! Please help!
  • Message text: Please help us with your donation and view the attachment below! We need you!
  • Attachment name: tsunami.exe
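A mail-gateway style check for these characteristics, as an added example that is not from Sophos or the original article: it parses a MIME message, matches the subject and attachment name listed above, and generalizes to any attachment with an executable extension. The extension list, function names and sample addresses are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Characteristics reported in the article for W32.VBSun-A.
PAGE_SUBJECT = "Tsunami Donation! Please help!"
PAGE_ATTACHMENT = "tsunami.exe"
# Assumption: extension blocklist chosen for this example, not from the article.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip()
    if subject.casefold() == PAGE_SUBJECT.casefold():
        findings.append("subject matches VBSun-A lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue
        if name == PAGE_ATTACHMENT:
            findings.append("attachment name matches VBSun-A: " + name)
        # Only the final extension decides how the file is launched, so a
        # double extension such as "photo.jpg.scr" is still caught here.
        dot = name.rfind(".")
        if dot != -1 and name[dot:] in EXECUTABLE_EXTS:
            findings.append("executable attachment: " + name)
    return findings


def build_sample(subject, filename):
    """Build a constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please help us with your donation and view the attachment below!")
    m.add_attachment(b"constructed placeholder, not a real binary",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [(PAGE_SUBJECT, "tsunami.exe"), ("Minutes", "minutes.pdf")]:
        print(subj, "->", inspect_message(build_sample(subj, fname)))
```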

"Duping innocent users into believing that they may be helping the tsunami disaster aid efforts shows hackers stooping to a new low," Graham Cluley, Sophos' senior technology consultant, said in a statement. "This gruesome insensitivity is a despicable ploy to get curious computer users to run malicious code on their computers. Everyone should be wary of unsolicited e-mail attachments, and visit the established charity Web sites instead if they wish to assist those suffering as a result of the disaster."

VBSun-A isn't the first piece of malware to use the tsunami disaster in an attempt to spread. VBS.Geven-B tried to spread a message earlier this month that the tsunami was God's revenge on "people who did bad on earth" and a number of e-mail scams have been launched by people posing as victims in an attempt to steal money.
