From: Russ (Russ.CooperRC.ON.CA)
Date: Thu Oct 02 2003 - 13:13:16 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Symantec's write up is the most comprehensive I have seen so far, much better than my patchwork.

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html

I think we're done with this trojan (as far as list updates are concerned.) There have been several/many attacks of this nature, with a variety of actions/results. With the binaries in the hands of the AV folk, any new revelations should come from them. If you've seen behavior that's different than what's been here on NTBugtraq, I encourage you to report it to your AV Vendor.

I'm working on a piece inspired by Chad Myers and some of my own thoughts about how to prevent this sort of attack in the future (beyond the mitigators previously listed, and beyond some fix from MS for this specific issue.) No, it doesn't involve removing IE...;-]

Thanks to everyone who submitted so much valuable data in such a short period of time. Those of you who didn't get a direct response to me, my apologies, everyone's message was read.

Once again NTBugtraq has proven that with a community effort we can improve the security of everyone. Of course I should have accepted the claims that were presented to me back in July, or done more when eEye confirmed those reports, ain't hindsight grand.

If you have any IP address blocks of banner ad providers, or links to pop-up blockers you've found useful, send them my way.

Cheers,
Russ - NTBugtraq Editor

-----
Wondering as to whether the list is running? The NTBugtraq archives are
updated first before messages are emailed to subscribers. Check the
archives first to see if you have missed any messages;

http://www.ntbugtraq.com/archives

-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]