That was when Moore and I)ruid started working on the attack code, Moore said Thursday. "We were keeping an eye on it before, but we didn't really start until Monday," he said. "There have been tools available to check to see if you needed to patch [the DNS software], but there wasn't any way to actually see if you could actually do this attack."
The exploits have been added to the Metasploit framework, said Moore, but at the moment are available only for Linux. He said that work on exploits able to hack Mac OS X and other operating systems would start soon, but that the attack would not be tweaked for Windows. Because of the way the exploits are written, it "would never work on Windows."
That doesn't mean Windows users are safe, however. "Most attacks will be against servers running Linux," Moore predicted.
Storms didn't dismiss the possibility of attacks now that exploit code is available, but downplayed the threat because of all the attention the bug has received. "I think the likelihood of a mass attack is limited," said Storms, "because a whole lot more people understand how DNS works than did several weeks ago."
Users should patch now, said Storms, even if they're not operating a DNS server. "It's important that you look at the Microsoft patch now," he said, referring to the fix Microsoft issued two weeks ago for every version of Windows except Vista.
"Anytime you can change [entries on a] DNS server, you run into a lot of other issues, including drive-by Web attacks," warned Moore.