In recent days, many FPT ADSL subscribers have reported that when accessing most international websites with the .org domain, their browsers are redirected to the homepage of www.myfamily.com.
According to assessments from several cybersecurity experts speaking to VietNamNet on Sunday morning (May 21), it has initially been determined that this is a domain name resolution error at the DNS server dns2.fpt.vn of the Internet Service Provider (ISP) FPT. This DNS server is responsible for resolving domain names for ADSL subscribers.
 |
Ping results to the server dns2.fpt.vn returned the IP address 210.245.0.10. |
To verify this issue, technicians attempted to access websites with the .org suffix through the aforementioned DNS server. Initially, when executing the ping command on dns2.fpt.vn, the IP address returned for this DNS server was 210.245.0.10. Entering this address into the DNS Server settings for VDC or Viettel, when accessing most .org websites, users experienced a redirection to the homepage of myfamily.com, while the beginning of the .org address remained unchanged, merely appending isapi.dll?c=home&htx=loginfrontmember to the end.
 |
When VDC or Viettel ADSL subscribers do not use the default DNS server of their ISP and switch to using DNS Server 210.245.0.10, they immediately encounter the same redirection to myfamily.com when accessing .org websites. |
Last year, specifically on November 14, FPT ADSL subscribers also experienced a similar issue where accessing Google redirected their browsers to an unnamed online shopping website. This error was also traced back to the DNS server serving FPT’s ADSL subscribers.
Regarding the cause of this incident, some experts have indicated that it is possible that the server dns2.fpt.vn was a victim of a DNS server attack, altering the DNS records in the cache of dns2.fpt.vn, so that when users queried these websites, they were redirected to myfamily.com.
If this assumption is correct, it represents a serious security flaw, as DNS hijacking attackers could redirect users to any website they create. Such a website could be preloaded with flash files with .exe extensions or snippets of code exploiting new security vulnerabilities in Internet Explorer, meaning that when users visit, their computers could become infected with viruses, spyware, trojans… and lose control. At that point, personal information on their computers, such as credit card numbers, passwords, and data, could be stolen when accessed remotely.
 |
| When accessing www.apache.org or other .org websites (see images mozdev.org, sans.org, and worldbank.org), users are redirected to the homepage of myfamily.com. |
In this case, myfamily.com is a website that has existed since 1998, focusing on personal web services for families, relatives, and friends, with a relatively stable number of visitors, ranking 2410 on Alexa. Preliminary assessments suggest that the motivation behind redirecting browsers to myfamily.com is for advertising purposes.
On the afternoon of May 21, a reporter attempted to call FPT’s ADSL service support number – 04–7601090 – several times to inquire about the cause, but the line was continuously busy and could not be reached. By 1:30 AM on May 22, the issue of accessing .org websites through the dns2.fpt.vn server had not yet been resolved, and web users continued to be redirected to myfamily.com.
Minh Huy
