The German Federal Agency for Security in Information Technology (BSI) in Bonn is warning about a new and especially tricky security hole affecting internet users. The hole is related to the Domain Name System (DNS) and hence potentially affects all web users, dpa reported.
The DNS translates the names typed by the user into a numeric-based IP address. It's has been no secret for some time that hackers can manipulate DNS servers to redirect users to different sites without the users' knowledge.
"But now there are malicious programs that actually exploit this hole in the DNS," says BSI's Matthias Gaertner. "And unfortunately, not all providers have patched the hole on their DNS servers."
Even if users input the correct internet address into their browser, they can still be redirected to another page. This can be dangerous, if the user believes they are shopping in an internet shop or doing online banking and inputs personal data that is captured and abused by cyber criminals.
The spread of a hacking tool is the culprit, according to the BSI, as it allows affected internet connections to be redirected by manipulated DNS servers during automatic update queries, landing the user on a forged update server. A trojan is then typically sent as a download instead of an update, allowing the hacker to control the user's computer without being noticed.
Internet users may not be able to control whether their provider has updated their DNS servers, but they can at least check to see whether they are at risk. The site DNS-OARC (https://www.dns-oarc.net/oarc/services/dnsentropy) tests whether the user's provider has dealt with the issue.
If the test shows that the DNS is still open to this kind of attack, then users should restrict their surfing until it is fixed. That means no visiting bank websites or providing personal information. Trying to redirect the DNS settings on your own computer to an alternative DNS server is for experts only.
"Most users won't be able to handle that," Gaertner notes.