|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Mystery DNS Changes
From: Russell Fulton (r.fulton
auckland.ac.nz)
Date: Wed Oct 01 2003 - 16:14:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2003-10-02 at 08:04, Gary Flynn wrote:
> Hansen, Kevin wrote:
>
> > We have seen multiple instances where DHCP enabled workstations have had
> > their DNS reconfigured to point to two of the three addresses listed below.
> > Can anyone else confirm this? Incidents.org is reporting an increase in port
> > 53 traffic over the last two days. Are we looking at the precursor to the
> > next worm?
>
> This is currently being discussed on NTBUGTRAQ too.
This is the QHosts-1 trojan
http://vil.nai.com/vil/content/v_100719.htm
This information was posted to the Avien list about an hour ago by
Craig Schmugar, McAfee AVERT.
<advertisement> :)
If you want fast access to information on trojans and viruses Avien is
the place to be. Yes is costs but the membership fees are modest and
extremely good value.
www.avien.org
</advertisement>
--
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]