Security Incidents mailing list archives

Unknown Hosts file


From: David Tan <dtan () chipscc com>
Date: 2 Apr 2002 00:31:28 -0000



I have a client machine running Windows 2000 
Professional.  All of a sudden, one day, the user was 
unable to access several of the most popular 
websites (i.e. google, yahoo, cnn, etc.).  I noticed that 
the machine was attempting to access the wrong IP 
address for all the websites, in fact, it was attempting 
to access the SAME IP address for every website in 
the group.  After some research, I found there was a 
Hosts file with all the domains in question listed, and 
the erroneous IP address.  Has anyone ever come 
across an incident where a virus or trojan would 
place a Hosts file onto a system?  I have thoroughly 
scanned the machine for viruses, open ports, etc. 
and found nothing.  Is there anything else I should be 
on the lookout for?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

