April 10, 2005
DNS Poisoning Threatens Intranets
Posted by Dana Blankenhorn
If your company runs all its Internet traffic through an internal server, and that server runs Microsoft Windows, then you're vulnerable to a new type of hack known as DNS Cache Poisoning. (The illustration here comes from a Brazilian blog, marketinghacker.br.)
The alert went out about a month ago. The idea has been around for a decade, but it's now being adopted by sophisticated criminal gangs.
Here's how it works.
Criminals break into a Windows server caching DNS requests for an Intranet, then insert instructions redirecting users to poisoned pages. The 12-digit IP address chosen by the criminal is thus linked to a chosen Internet address, and requests for Google.Com (for instance) could go to a site that downloads spyware or key-logging software in the background.
What can be done about it?
- If you do your Web access directly through a large ISP, don't worry. The caches are too large, and overwritten too often by legitimate requests, for the hack to work.
- If you do have a Windows machine, clear your cache regularly. This does sort of eliminate the benefits of having a cache server, of course.
- If you find this on your server, get the IP address your users are being re-directed to and report it at http://isc.sans.org/contact.php
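
To support the last step above, here is an added example (not part of the original post) that compares A records dumped from the internal caching server with answers for the same names from a resolver you trust, and lists the entries that disagree together with the address users are being sent to. The sample records, the function name and the same-/24 heuristic are constructed assumptions.

```python
import ipaddress

# Constructed sample: (name, address) A records dumped from the internal cache.
# All names and addresses are reserved documentation values.
CACHED = [
    ("www.example.com", "192.0.2.10"),
    ("Mail.Example.com.", "192.0.2.25"),
    ("search.example.net", "203.0.113.66"),
    ("intranet.example.org", "10.0.0.5"),
]

# Constructed sample: answers for the same names from a resolver you trust.
REFERENCE = {
    "www.example.com": {"192.0.2.11", "192.0.2.12"},
    "mail.example.com": {"192.0.2.25"},
    "search.example.net": {"198.51.100.7", "198.51.100.8"},
}


def find_suspect_entries(cached, reference, prefix_len=24):
    """Return (name, cached_ip, expected_ips) for every cached record that
    shares no /prefix_len network with any trusted answer for that name."""
    suspects = []
    for name, addr in cached:
        key = name.rstrip(".").lower()  # DNS names are case-insensitive
        expected = reference.get(key)
        if not expected:
            continue  # no trusted answer to compare against (internal-only name)
        ip = ipaddress.ip_address(addr)
        # Heuristic (assumption): round-robin answers usually stay in one /24.
        near_expected = any(
            ip in ipaddress.ip_network(f"{e}/{prefix_len}", strict=False)
            for e in expected
        )
        if not near_expected:
            suspects.append((key, addr, sorted(expected)))
    return suspects


if __name__ == "__main__":
    for name, got, expected in find_suspect_entries(CACHED, REFERENCE):
        print(f"{name}: cache says {got}, trusted resolver says {', '.join(expected)}")
```

A mismatch is a lead to investigate, not proof of poisoning, because large sites legitimately answer from many networks.
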
The biggest irony in the latest case, by the way, is that the vulnerability allowing this exploit was actually created by Symantec security software. If you're running some of their stuff on your servers, get it updated and stay on them to make sure the bugs are fixed.