China Netcom (CNC), one of China's largest Internet service providers (ISPs), had the cache of its primary DNS server poisoned so that certain commonly mistyped domain names are redirected to a malicious site. It is relatively common for ISPs to redirect mistyped domain names to a placeholder site with advertisements as an additional revenue source. In this case, though, customers of this prominent ISP are forwarded to a website under the control of an attacker. According to Websense's Security Labs alert, the site is rigged with malicious iFrame code that exploits known vulnerabilities in RealPlayer, Flash Player and Microsoft Snapshot Viewer, as well as the vulnerability covered by MS06-014.
To read more about this story:
- check out this Websense alert [1]
Links:
[1] http://securitylabs.websense.com/content/Alerts/3163.aspx