|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Mystery DNS Changes
From: Mary Landesman (mlande
bellsouth.net)
Date: Wed Oct 01 2003 - 16:12:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This exploit has been dubbed QHosts-1 Trojan by NAI. Details can be found
at:
http://vil.nai.com/vil/content/v_100719.htm
Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com
----- Original Message -----
From: "Hansen, Kevin" <kevin.hansenthomson.com>
To: <full-disclosurelists.netsys.com>
Sent: Wednesday, October 01, 2003 3:19 PM
Subject: [Full-Disclosure] Mystery DNS Changes
We have seen multiple instances where DHCP enabled workstations have had
their DNS reconfigured to point to two of the three addresses listed below.
Can anyone else confirm this? Incidents.org is reporting an increase in port
53 traffic over the last two days. Are we looking at the precursor to the
next worm?
216.127.92.38
69.57.146.14
69.57.147.175
-KJH
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]