[citation][nom]hellwig[/nom]I'm guessing you left out something, maybe he published a REPORT on the criminal online service? Still, if these DNS servers are in a Microsoft lab, why is anyone using them? Seriously, who (either individual or ISP) would route their data through the first IP that responded to DNS traffic? I mean, I could set up a DNS server that directed EVERY website to tomshardware, but if no one configured their computer to use it, there wouldn't be any problem. I wanna know who's using these servers.[/citation]
Seriously??? Do you understand DNS??? DNS isn't just for your client side to figure things out as assigned by your ISP or manual configuration. When your specified DNS has no clue what website you are looking for, it passes on the request... all the way up to the root servers, who then tell you which DNS server DOES know about it. So, basically, you get spam with a link, you click the link, your DNS provider says "I have no clue who that is" and passes it along... then your machine is told which DNS has the info, in this case, hey, these DNS servers have what you are looking for... so you go ask that DNS server who www.spamthecrapouttame.com is and it replies with the associated IP address... You don't even have to know this DNS server exists, but you will still get your info from it. It's how DNS works, since not every DNS server could keep every address, and even if it could, it could never keep it all readily synced.
...and for the record... Microsoft says "Linux network devices" and the article made the correlation that these devices were the actual DNS servers. To correlate that these devices were DNS, there was another statement that "dozens of DNS servers" were used.
Sounds to me that MS is using a router or switch or a firewall of some sort that was misconfigured but was meant to sit between the lab and the net. These were compromised, allowing access to the lab, which probably had tons of servers with relatively weak or no security... i.e. the admin password was blank or something...
The hackers configured the Linux devices (I'm guessing firewalls) to pass in the DNS traffic and then just configured the DNS servers in the labs.
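To make the referral chain in the reply above concrete, here is an added example (not code from either commenter or from the article) of a toy iterative resolver walking from a root hint to a TLD server to the authoritative server for the spam domain. The server table, the domain name and the addresses (RFC 5737 documentation ranges) are all constructed for the example; the point it shows is that the client's configured resolver ends up querying servers the user never configured, because each hop simply refers it onward. A hop limit is included because a bad or malicious delegation can otherwise send a resolver in a loop.

```python
from dataclasses import dataclass, field

# Constructed delegation data for the example. None of these are real servers:
# a fake root, a fake .com TLD server, and the attacker-controlled authoritative
# server the reply describes, which the victim never configured anywhere.
ROOT_HINT = "192.0.2.1"


@dataclass
class Server:
    zone: str                                        # zone this server is authoritative for
    delegations: dict = field(default_factory=dict)  # child zone -> addresses of its name servers
    records: dict = field(default_factory=dict)      # owner name -> A record (IPv4 address)


SERVERS = {
    "192.0.2.1": Server(zone=".", delegations={"com.": ["198.51.100.1"]}),
    "198.51.100.1": Server(
        zone="com.",
        delegations={"spamthecrapouttame.com.": ["203.0.113.53"]},  # hypothetical spam domain from the post
    ),
    "203.0.113.53": Server(
        zone="spamthecrapouttame.com.",
        records={"www.spamthecrapouttame.com.": "203.0.113.80"},
    ),
}


def query(server_ip, qname):
    """One round trip to a server: it answers, refers downward, or has nothing."""
    srv = SERVERS[server_ip]
    if qname in srv.records:
        return ("ANSWER", srv.records[qname])
    # Pick the longest delegation that covers the name (closest enclosing zone).
    best = None
    for child in srv.delegations:
        if qname == child or qname.endswith("." + child):
            if best is None or len(child) > len(best):
                best = child
    if best is not None:
        return ("REFERRAL", srv.delegations[best])
    return ("NXDOMAIN", None)


def resolve(qname, max_hops=8):
    """Iterate from the root hint, following referrals, as a recursive resolver does.

    Returns (address_or_None, list_of_servers_queried_in_order).
    """
    qname = qname if qname.endswith(".") else qname + "."
    path = []
    targets = [ROOT_HINT]
    for _ in range(max_hops):
        server = targets[0]  # a real resolver would pick among the referred servers
        path.append(server)
        kind, data = query(server, qname)
        if kind == "ANSWER":
            return data, path
        if kind == "NXDOMAIN":
            return None, path
        targets = data  # REFERRAL: go ask the servers we were pointed at
    raise RuntimeError("too many referrals: possible delegation loop")


if __name__ == "__main__":
    addr, path = resolve("www.spamthecrapouttame.com")
    print(addr, "via", " -> ".join(path))
```

Run it and the path printed is root, then the TLD server, then 203.0.113.53, the server nobody configured; the only address the user ever picked was their recursive resolver, which is what actually did this walk on their behalf.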