| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jlevitsk at joshie.com (Joshua Levitsky) Subject: Windows hosts file changing. ----- Original Message ----- From: "Kevin Gerry" <poof1@....net> Sent: Wednesday, October 22, 2003 4:01 AM Subject: [Full-Disclosure] Windows hosts file changing. > Does -ANYBODY- know how it occurs? > > I've had this happen to a couple boxes of mine now... > > New one: > -- > 127.0.0.1 localhost > 66.40.16.131 livesexlist.com > 66.40.16.131 lanasbigboobs.com > 66.40.16.131 thumbnailpost.com Perhaps a variant of the QHosts virus which just exploits an IE vulnerability. Perhaps not even a "virus" per say. (It's kind of sketchy anyways to call Qhosts a virus.) Perhaps a user got an email and clicked on the URL and it sent them to a site that took advantage of their IE not being patched. http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html http://vil.nai.com/vil/content/v_100719.htm The MS03-040 patch addresses this type of attack on a system. -Josh -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
Powered by blists - more mailing lists