lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1065042854.3551.102.camel@localhost>
From: r.fulton at auckland.ac.nz (Russell Fulton)
Subject: Mystery DNS Changes

On Thu, 2003-10-02 at 08:04, Gary Flynn wrote:
> Hansen, Kevin wrote:
> 
> > We have seen multiple instances where DHCP enabled workstations have had
> > their DNS reconfigured to point to two of the three addresses listed below.
> > Can anyone else confirm this? Incidents.org is reporting an increase in port
> > 53 traffic over the last two days. Are we looking at the precursor to the
> > next worm?
> 
> This is currently being discussed on NTBUGTRAQ too.

This is the QHosts-1 trojan
http://vil.nai.com/vil/content/v_100719.htm


This information was posted to the Avien list about an hour ago by
Craig Schmugar, McAfee AVERT.

<advertisement> :)
If you want fast access to information on trojans and viruses Avien is
the place to be.  Yes is costs but the membership fees are modest and
extremely good value.

www.avien.org
</advertisement>
-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ