What is DNS Cache Poisoning? | Definition and Risks | Kaspersky Lab


What is DNS Cache Poisoning?


Domain name server (DNS) cache poisoning occurs when an Internet server has its domain name table compromised by malicious code. This table serves as a list of legitimate Internet addresses, but if poisoned, some or all of these addresses are replaced with fakes. Instead of being directed to a legitimate website, requests made through a damaged DNS table send users to spoofed pages.

Common Locations

The code for DNS cache poisoning is often found in URLs sent via spam emails. These emails attempt to frighten users into clicking on the supplied URL, which in turn infects their computer. Banner ads and images — both in emails and untrustworthy websites — can also direct users to this code. Once poisoned, a user's computer will take them to fake websites that are spoofed to look like the real thing, exposing them to risks such as spyware, keyloggers or worms.

Risk Factors

DNS poisoning poses several risks, starting with data theft. Banking websites and popular online retailers are easily spoofed, meaning any password, credit card or personal information may be compromised. Also, if spoofed sites include Internet security providers, a user's computer may be exposed to additional threats such as viruses or Trojans, because legitimate security updates will not be performed. Finally, eliminating DNS cache poisoning is difficult, since cleaning an infected server does not rid a desktop of the problem, and clean desktops connecting to an infected server will be compromised again. If necessary, users can flush their DNS cache to solve the issue.

To prevent DNS poisoning, users should never click on a link they don't recognize, and regularly scan their computer for malware. Always do so using a local program rather than a hosted version, since poisoning could spoof Web-based results.
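
The following Python code is an added example, not part of the original page. It checks cached name-to-address entries against answers from independent resolvers, which helps decide whether a desktop or server cache needs flushing. The names `audit_cache` and `quorum`, and all sample hostnames and addresses, are assumptions constructed for this illustration.

```python
from ipaddress import ip_address


def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def _ips(addrs):
    # Parse addresses so equivalent spellings (e.g. IPv6 zero compression) compare equal.
    return {ip_address(a) for a in addrs}


def audit_cache(local_cache, reference_answers, quorum=2):
    """Compare cached answers with answers from independent resolvers.

    Returns {name: verdict} for entries that need attention:
      "mismatch"   - no cached address was returned by any reference resolver
      "unverified" - fewer than `quorum` reference resolvers answered for the name
    """
    refs = [{_norm(n): _ips(a) for n, a in table.items()}
            for table in reference_answers.values()]
    findings = {}
    for name, cached in local_cache.items():
        key = _norm(name)
        seen = [table[key] for table in refs if key in table]
        if len(seen) < quorum:
            findings[key] = "unverified"
        elif not _ips(cached) & set().union(*seen):
            # CDNs and geo-DNS can cause this legitimately, so treat it as a
            # lead to investigate before flushing, not as proof of poisoning.
            findings[key] = "mismatch"
    return findings


# Constructed sample data: .example names and documentation address ranges.
LOCAL_CACHE = {
    "bank.example.": {"203.0.113.66"},
    "shop.example": {"192.0.2.10", "192.0.2.11"},
    "Updates.example": {"198.51.100.7"},
    "intranet.example": {"192.0.2.200"},
}
REFERENCE = {
    "resolver-a": {"bank.example": {"192.0.2.50"}, "shop.example": {"192.0.2.10"},
                   "updates.example": {"198.51.100.7"}},
    "resolver-b": {"bank.example": {"192.0.2.50", "192.0.2.51"},
                   "shop.example": {"192.0.2.11"}, "updates.example": {"198.51.100.7"}},
}

if __name__ == "__main__":
    for name, verdict in sorted(audit_cache(LOCAL_CACHE, REFERENCE).items()):
        print(f"{name}: {verdict}")
```

Because both the desktop and the upstream server keep their own caches, run the same comparison against each one; an entry that reappears after a local flush points to the server.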

© 1997 – 2016 Kaspersky Lab
