Full Disclosure: Re: Mystery DNS Changes

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Mystery DNS Changes

From: Joe Stewart <jstewart () lurhq com>
Date: Thu, 2 Oct 2003 09:23:46 -0400

On Thursday 02 October 2003 08:31 am, Randal, Phil wrote:

NAI has this as QHosts-1, and says MS03-032 does NOT protect against
it:


F-Secure named this trojan "Delude" days ago. NAI's QHosts-1 is just a 
variant. It is well known that MS0-032 is not 100% effective, so 
definately no one should think they are immune to this or any other 
hostile object tags just because they have that patch. Everyone running 
IE should disable active scripting if they want to avoid these little 
surprises.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: [Snort-sigs] Re: Mystery DNS Changes, (continued)
- Re: Mystery DNS Changes *Hobbit* (Oct 01)
  - RE: Mystery DNS Changes Kurt (Oct 02)
- RE: Mystery DNS Changes Andre Ludwig (Oct 01)
- RE: Mystery DNS Changes Randal, Phil (Oct 02)
  - Re: Mystery DNS Changes Joe Stewart (Oct 02)
  - Re: Mystery DNS Changes Paul Tinsley (Oct 02)
- RE: Mystery DNS Changes Harris, Michael C. (Oct 02)
- RE: Mystery DNS Changes Schmehl, Paul L (Oct 02)
  - Re: Mystery DNS Changes KF (Oct 02)
- RE: Mystery DNS Changes Mike O'Connor (Oct 03)