Internet users are at risk of having their password and credit card details stolen by hackers who redirect them to bogus websites.
The underhand computer whizzes "poison" the system that route requests so crooks can see personal information, or force surfers to download software or pay to click on adverts.
According to the New Scientist magazine, the hackers attack the domain name system (DNS), sending users to fake sites so they can access their details.
DNS "cache poisoning or polluting" was seen in the internet's infancy, usually by jokers, but has reportedly reared its head again.
And experts are now divided on how much damage it could do.
Swa Frantzen, from the SANS Internet Storm Centre, which monitors internet threats and says it has seen a recent slew of poisonings, told the magazine: "We see the combination of DNS poisoning with other hostile actions as having a serious impact."
But Joe Stewart of the US internet security company Lurhq, said: "I think it's going to slowly die out."
New software is said to prevent the flaw, but the magazine reports SANS saying that if companies join servers together, and one runs an older version, poisoned information can be passed on, and then hackers can strike.
They work by setting up their own DNS server, sending an email to a company's DNS server, thereby making contact and placing a code on the system.
The next time a request for a specified website comes through, surfers are directed to a fake site, which looks the same, but which can be monitored by the hacker.