• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

Years old DNS Bug can be used to spread Malware across World Wide Web

February 24th, 2016 Uzair Amir Malware, Security 0 comments
Years old DNS Bug can be used to spread Malware across World Wide Web
Share on FacebookShare on Twitter

Old is gold for sure but in this case old is bad and bold

Google’s security researcher Dan Kaminsky along with Redhat Linux has identified a flaw in “glibc” also known as the Gnu C standard library. This flaw isn’t a new one as Kaminsky reported that it has “been around for quite some time,” approx. 8 years since the first time it was discovered in May 2008.

This bug CVE-2015-7547 is found in the DNS (Doman Name Service) of the Internet and can be easily exploited to spread malware in every nook and corner of the world. The nature of this bug is so serious that Kaminsky has called it a “solid critical vulnerability by any normal standard.”

[q]The bug was first discovered in 2008, that means it’s an 8-year-old bug[/q]

Kaminsky states that this flaw tricks browsers into searching for shady domains after which servers would reply with excessively lengthy DNS names. This causes a buffer overflow in the software of the victim’s computer. Evidently, the bug is very dangerous as it can fully control the victim’s computer and let a hacker exploit it remotely. Kaminsky further says that the bug has “really worked its way across the globe.”

[fullsquaread][/fullsquaread]

Surprisingly, the bug cannot attack Android devices but otherwise, it seems to be quite similar to bugs like Heartbleed as far as the extensiveness of range is concerned. In fact, Kaminsky believes that it can leave behind all its predecessors in scope and range of attack. The latest hole in the Gnu DNS libraries was coded only a few months after he corrected the flaws identified in 2008 in DNS, claims Kaminsky.

One aspect isn’t yet clear if the code can be remotely executed and exploited in the wild or not.

Redhat conducted a back of the envelope analysis, which revealed that:

“It is possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and, therefore, allow attackers to exploit machines behind such caches.”

As of now, the bug is capable of making servers vulnerable to MiTM (man in the middle) attacks if only the hackers could gain access to specific servers.

This is not the first time when an old flaw has threatened the Internet users. Last year, a researcher discovered 18-year-old bug allowing attackers to steal data from all versions of Windows OS.

[src src=”Source” url=”http://dankaminsky.com/2016/02/20/skeleton/”]Dankaminsky[/src]
[src src=”Top, Featured Image Via” url=”http://www.shutterstock.com/portfolio/search.mhtml?gallery_id=1818128&page=1&gallery_landing=1″]wk1003mike/Shutterstock[/src]
  • Tags
  • Bug
  • DNS
  • Flaw
  • Google
  • hacking
  • internet
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Man Who Hacked and Stole Celebrity Nude Photos Pleads Guilty
Next article Encrypted Email Startup Tutanota Reaches 1 Million Users
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

59
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

93
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

111

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us