Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Unknown Hosts file

Unknown Hosts file

From: David Tan <dtan_at_chipscc.com>
Date: 2 Apr 2002 00:31:28 -0000
('binary' encoding is not supported, stored as-is) I have a client machine running Windows 2000
Professional. All of a sudden, one day, the user was
unable to access several of the most popular
websites (i.e. google, yahoo, cnn, etc.). I noticed that
the machine was attempting to access the wrong IP
address for all the websites, in fact, it was attempting
to access the SAME IP address for every website in
the group. After some research, I found there was a
Hosts file with all the domains in question listed, and
the erroneous IP address. Has anyone ever come
accross an incident where a virus or trojan would
place a Hosts file onto a system. I have thoroughly
scanned the machine for viruses, open ports, etc.
and found nothing. Is there anything else I should be
on the lookout for?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Apr 02 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos