[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Windows hosts file changing.
- To: David Gianndrea <dgianndrea@comsquared.com>
- Subject: Re: [Full-Disclosure] Windows hosts file changing.
- From: Brian Eckman <eckman@umn.edu>
- Date: Wed, 22 Oct 2003 08:50:59 -0500
David Gianndrea wrote:
Kind of sounds like this...
http://vil.nai.com/vil/content/v_100719.htm
Kevin Gerry wrote:
Does -ANYBODY- know how it occurs?
I've had this happen to a couple boxes of mine now...
New one:
--
127.0.0.1 localhost
66.40.16.131 livesexlist.com
66.40.16.131 lanasbigboobs.com
66.40.16.131 thumbnailpost.com
66.40.16.131 adult-series.com
66.40.16.131 www.livesexlist.com
66.40.16.131 www.lanasbigboobs.com
66.40.16.131 www.thumbnailpost.com
66.40.16.131 www.adult-series.com
--
Any idea how the search site is replacing that? =/ It's starting to
piss me
off =/ I had some custom information in there that's now overwritten (Not
backed up)
Thanks =/
Actually, I don't think it sounds a damn thing like Qhosts.
Qhosts modifies DHCP-issued DNS server settings in the registry, and
creates a new HOSTS file and tweaks the registry to use that HOSTS file.
It doesn't touch the original HOSTS file.
This post exhibits no Qhosts behavior, and Qhosts doesn't exhibit any
of this behavior. I think Daniel got it right - quit going to porn
sites. Better yet, quit going to porn sites advertised in Spam.
Also, to respond to another comment, the MS03-040 patch might *not*
address this type of attack on a system. Internet Explorer fully patched
with default settings *still* allows silent delivery and install of
executables. POC was sent to this list weeks ago.
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
612-626-7737
"There are 10 types of people in this world. Those who
understand binary and those who don't."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html