[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1065042854.3551.102.camel@localhost>
From: r.fulton at auckland.ac.nz (Russell Fulton)
Subject: Mystery DNS Changes
On Thu, 2003-10-02 at 08:04, Gary Flynn wrote:
> Hansen, Kevin wrote:
>
> > We have seen multiple instances where DHCP enabled workstations have had
> > their DNS reconfigured to point to two of the three addresses listed below.
> > Can anyone else confirm this? Incidents.org is reporting an increase in port
> > 53 traffic over the last two days. Are we looking at the precursor to the
> > next worm?
>
> This is currently being discussed on NTBUGTRAQ too.
This is the QHosts-1 trojan
http://vil.nai.com/vil/content/v_100719.htm
This information was posted to the Avien list about an hour ago by
Craig Schmugar, McAfee AVERT.
<advertisement> :)
If you want fast access to information on trojans and viruses Avien is
the place to be. Yes is costs but the membership fees are modest and
extremely good value.
www.avien.org
</advertisement>
--
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
Powered by blists - more mailing lists