Security Incidents mailing list archives
RE: Global DNS Cache poisoning?
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Fri, 4 Mar 2005 13:30:45 -0800
We posted this information earlier today: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=144
From our site:
"We have investigated the sites that are reporting to direct users to malicious websites. These sites attempt to download and install code and an Active X piece called "ABC Search Webinstall." The name of the executable is "mhh.exe." Websense(r) Security LabsTM is investigating its behavior." The mhh.exe installs a toobar from BestToolbars.net. Homepage and search engine settings are changed. As far as proof of the poisoning, we have not witnessed any name lookups ourselves but we have seen large increases in the number of users visiting some of the sites listed in the SANS details. In particular: http://www.7sir7.com/abx_search_webinstall/download.html Internet Storm Center Details: http://isc.sans.org//index.php -----Original Message----- From: Russell Guthrie [mailto:rguthrie () humana com] Sent: Friday, March 04, 2005 11:26 AM To: incidents () securityfocus com Subject: Global DNS Cache poisoning? SANS is reporting a potential DNS cache poisoning. Has anyone heard or seen anything to confirm this?
Current thread:
- Global DNS Cache poisoning? Russell Guthrie (Mar 04)
- Re: Global DNS Cache poisoning? lasnews (Mar 04)
- Re: Global DNS Cache poisoning? Jay D. Dyson (Mar 04)
- <Possible follow-ups>
- RE: Global DNS Cache poisoning? Hubbard, Dan (Mar 04)