China Netcom customers who mistype a Web address and enter an invalid domain name get directed to a Web page with malicious code. The malicious destination page includes an iframe that points to a server in China that attempts to exploit Adobe’s Flash player, RealPlayer. The attack was carried out by exploiting the weakness in DNS software identified by security researcher Dan Kaminsky. “Literally all Microsoft users who haven’t updated to the latest patch are vulnerable to this,” says Websense security expert.”]
Source: https://www.darkreading.com/attacks-breaches/dns-flaw-used-to-poison-chinese-isp-s-server