Full Disclosure mailing list archives

Re: Mystery DNS Changes

From: Joe Stewart <jstewart () lurhq com>
Date: Thu, 2 Oct 2003 09:23:46 -0400

On Thursday 02 October 2003 08:31 am, Randal, Phil wrote:

NAI has this as QHosts-1, and says MS03-032 does NOT protect against
it:


F-Secure named this trojan "Delude" days ago. NAI's QHosts-1 is just a 
variant. It is well known that MS0-032 is not 100% effective, so 
definately no one should think they are immune to this or any other 
hostile object tags just because they have that patch. Everyone running 
IE should disable active scripting if they want to avoid these little 
surprises.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Mystery DNS Changes, (continued)
- RE: Mystery DNS Changes Harris, Michael C. (Oct 01)
  - Re: Mystery DNS Changes Paul Tinsley (Oct 01)
    - Re: [Snort-sigs] Re: Mystery DNS Changes Paul Tinsley (Oct 02)
    - Re: [Snort-sigs] Re: Mystery DNS Changes Paul Schmehl (Oct 03)
    - Re: [Snort-sigs] Re: Mystery DNS Changes Paul Tinsley (Oct 03)
    - Re: [Snort-sigs] Re: Mystery DNS Changes Paul Schmehl (Oct 03)
- Re: Mystery DNS Changes *Hobbit* (Oct 01)
  - RE: Mystery DNS Changes Kurt (Oct 02)
- RE: Mystery DNS Changes Andre Ludwig (Oct 01)
- RE: Mystery DNS Changes Randal, Phil (Oct 02)
  - Re: Mystery DNS Changes Joe Stewart (Oct 02)
  - Re: Mystery DNS Changes Paul Tinsley (Oct 02)
- RE: Mystery DNS Changes Harris, Michael C. (Oct 02)
- RE: Mystery DNS Changes Schmehl, Paul L (Oct 02)
  - Re: Mystery DNS Changes KF (Oct 02)
- RE: Mystery DNS Changes Mike O'Connor (Oct 03)
  - RE: Mystery DNS Changes Paul Schmehl (Oct 03)
  - RE: Mystery DNS Changes Nick FitzGerald (Oct 03)
- RE: Mystery DNS Changes Dowling, Gabrielle (Oct 03)
- Mystery DNS Changes Mike O'Connor (Oct 04)