FPT's DNS server was attacked?

For the past few days, many FPT ADSL subscribers have reported that when they access most international websites with .org domain names, their browsers are redirected to the home page of www.myfamily.com.

According to assessments that several cyber security experts gave VietNamNet on Sunday morning (May 21), the initial finding is that this is a domain name resolution error at dns2.fpt.vn, a DNS server of the Internet service provider (ISP) FPT. This DNS server is responsible for resolving domain names for ADSL subscribers.

The ping result to the dns2.fpt.vn server returns the IP address 210.245.0.10.


To verify the problem, a technician tried accessing .org websites through the DNS server above. First, running the command ping dns2.fpt.vn showed that this DNS server's IP address is 210.245.0.10. With this address set as the DNS server on a VDC or Viettel connection, accessing most .org websites resulted in a redirect to the home page of myfamily.com; the .org hostname at the start of the address stayed the same, and only the path isapi.dll?c=home&htx=loginfrontmember was appended.

When ADSL subscribers of VDC or Viettel switch from their ISP's default DNS server to the DNS server 210.245.0.10, they are immediately redirected to myfamily.com when accessing .org websites.
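The cross-check the technician performed by hand can be expressed as a small comparison: collect the A records each resolver returns for the same names, then look for many unrelated names that the suspect resolver maps to one address the reference resolvers never return. This is an added example, not part of the original article; the function name, the threshold and every address (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict

def find_redirect_sinks(suspect, reference, min_names=3):
    """Return {address: names} for every address the suspect resolver gives
    for at least `min_names` names whose answers share nothing with the
    reference answers."""
    names_by_addr = defaultdict(set)
    for name, answers in suspect.items():
        trusted = reference.get(name, set())
        # No baseline, no answer, or any overlap: not evidence of tampering.
        if not answers or not trusted or answers & trusted:
            continue
        for addr in answers:
            names_by_addr[addr].add(name)
    # One-off differences are common with CDNs and geo-DNS; many unrelated
    # names collapsing onto one address is the pattern the article reports.
    return {a: sorted(n) for a, n in names_by_addr.items() if len(n) >= min_names}

# Constructed sample answers (RFC 5737 documentation addresses, not real data).
REFERENCE = {  # union of A records from two independent resolvers
    "www.apache.org": {"192.0.2.10"},
    "mozdev.org": {"192.0.2.20"},
    "sans.org": {"192.0.2.30"},
    "worldbank.org": {"192.0.2.40", "192.0.2.41"},
    "www.example.com": {"198.51.100.5"},
    "cdn.example.net": {"198.51.100.7"},
}
SUSPECT = {  # A records from the resolver under test
    "www.apache.org": {"203.0.113.99"},
    "mozdev.org": {"203.0.113.99"},
    "sans.org": {"203.0.113.99"},
    "worldbank.org": {"203.0.113.99"},
    "www.example.com": {"198.51.100.5"},   # matches the baseline
    "cdn.example.net": {"198.51.100.8"},   # lone difference, below threshold
}

if __name__ == "__main__":
    for addr, names in find_redirect_sinks(SUSPECT, REFERENCE).items():
        print(f"{addr}: {len(names)} unrelated names redirected: {', '.join(names)}")
```

The reference set should come from resolvers operated by other providers, as in the test above, so that a single poisoned cache cannot contaminate the baseline.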


At the end of last year, specifically on November 14, FPT ADSL subscribers also experienced, on a large scale, being directed to an unnamed online sales website when accessing Google. That error was also traced to the domain name server (DNS server) that serves FPT's ADSL subscribers.

Assessing the cause of this incident, some experts said that the dns2.fpt.vn server has been attacked and the DNS records in its cache altered, so that user queries for these websites all return the myfamily.com website.

If that assumption is correct, this is a serious security flaw, because an attacker who hijacks DNS can direct visitors to any website he creates. The website can be preloaded with flash files with the .exe extension or code that exploits new security flaws in IE, so that as soon as users visit, their computers are infected with viruses, spyware, trojans and so on, and taken over. Personal information on the computer such as credit card numbers, passwords and data could then be stolen by remote control.

When visiting www.apache.org or other .org websites (see the images for mozdev.org, sans.org and worldbank.org), users are redirected to the myfamily.com website.

In this case, myfamily.com is a website that has been around since 1998, specializing in personal web services for family, relatives and friends, with relatively high traffic and an Alexa rank of 2410. According to preliminary assessments, the motive for redirecting browsers to myfamily.com appears to be advertising.

On the afternoon of May 21, the reporter called FPT's ADSL support number, 04-7601090, several times to find out the cause, but could not get through. As of 1:30 am on May 22, the problem of accessing .org websites through the dns2.fpt.vn server had not been resolved, and web users continued to be redirected to myfamily.com.

Minh Huy

Update 12 December 2018