Full Disclosure: Re: Mystery DNS Changes

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Mystery DNS Changes

From: Brian Eckman <eckman () umn edu>
Date: Wed, 01 Oct 2003 16:05:52 -0500

Gary Flynn wrote:
>
>
> Hansen, Kevin wrote:
>
>> We have seen multiple instances where DHCP enabled workstations have had
>> their DNS reconfigured to point to two of the three addresses listed
>> below.
>> Can anyone else confirm this? Incidents.org is reporting an increase
>> in port

>> 53 traffic over the last two days. Are we looking at the precursorto the

>> next worm?
>
>
> This is currently being discussed on NTBUGTRAQ too.
>
>


McAfee labels it QHosts-1

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719

Brian


--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
612-626-7737

"There are 10 types of people in this world. Those who
understand binary and those who don't."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Mystery DNS Changes Hansen, Kevin (Oct 01)
- Re: Mystery DNS Changes Gary Flynn (Oct 01)
  - Re: Mystery DNS Changes Brian Eckman (Oct 01)
  - Re: Mystery DNS Changes Russell Fulton (Oct 01)
- Re: Mystery DNS Changes Mary Landesman (Oct 01)
- Message not available
  - Re: Mystery DNS Changes Mike Tancsa (Oct 01)
- Re: Mystery DNS Changes Danny Pansters (Oct 01)
- Re: Mystery DNS Changes Joe Stewart (Oct 02)