DNS Spoofing

DNS Spoofing, also known as DNS Poisoning or DNS Cache Poisoning, involves corrupting an Internet server's Domain Name System table by replacing a valid Internet address with that of another, rogue address. When a web user looks for the affected page, the request is redirected to a different address where a worm, spyware, web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location.

A DNS Spoofing attack is possible because of HTTP Response Splitting and flaws in the web application. DNS Spoofing can be transmitted within spam email messages, images, and banner ads, increasing the rate at which rogue programs are spread. If a response is cached in a shared web cache commonly found in proxy servers, all users of that cache will continue to receive the malicious content until the cache entry is purged. The same is true if the response is cached in an individual user’s browser.