lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: r.fulton at auckland.ac.nz (Russell Fulton)
Subject: Mystery DNS Changes

On Thu, 2003-10-02 at 08:04, Gary Flynn wrote:
> Hansen, Kevin wrote:
> 
> > We have seen multiple instances where DHCP enabled workstations have had
> > their DNS reconfigured to point to two of the three addresses listed below.
> > Can anyone else confirm this? Incidents.org is reporting an increase in port
> > 53 traffic over the last two days. Are we looking at the precursor to the
> > next worm?
> 
> This is currently being discussed on NTBUGTRAQ too.

This is the QHosts-1 trojan
http://vil.nai.com/vil/content/v_100719.htm


This information was posted to the Avien list about an hour ago by
Craig Schmugar, McAfee AVERT.

<advertisement> :)
If you want fast access to information on trojans and viruses Avien is
the place to be.  Yes is costs but the membership fees are modest and
extremely good value.

www.avien.org
</advertisement>
-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux