Multiple DNS servers have been badly configured allowing attackers that can change content found on the same server (localhost.originaldomain.com) where the web site (www.originaldomain.com) is hosted to capture sensitive cookie information from the user without his knowledge.

http://securityinfo.brinkster.net/view_art...5RP0M00N5K.html